Threat actors behind the Blackcat ransomware are suspected of pulling an exit scam after uploading a law enforcement seizure notice and shutting down their darknet website.
This shutdown occurred after the actors behind BlackCat allegedly received a $22 million ransom payment. The ransom was paid by UnitedHealth’s Change Healthcare unit (Optum) and the threat actors refused to share the proceeds with an associate that helped to execute the attack. These allegations by the associate were posted to the RAMP cybercrime forum according to DataBreaches. These accusations have created suspicions regarding the possibility of a BlackCat exit scam for rebranding purposes in the future. The U.K.’s National Crime Agency (NCA) also reported that they had no ties to any BlackCat disruptions. However, in December the threat actors had their infrastructure taken by law enforcement, but were shortly able to gain back control access, and rebrand under a new moniker. UnitedHealthcare has not commented on the ransom payment and has only stated focusing its intentions on the investigation of the incident.
Read more:
https://thehackernews.com/2024/03/exit-scam-blackcat-ransomware-group.html