BlackCat Ransomware Gang Calls It Quits After Massive UnitedHealth Payout, Or Did They?

In what seems to be a sudden turn of events, the infamous BlackCat ransomware operation has allegedly shut down their entire infrastructure, including websites and servers. But the circumstances surrounding this decision are shrouded in mystery, leaving cybersecurity experts wondering if this is really the end for the notorious gang.

Over the weekend, the BlackCat operators (also known as ALPHV) posted a cryptic message on the Tox messaging platform that simply read “Everything is off, we decide.” Shortly after, they updated it to “GG” – a gamer term that typically means “good game,” signaling their intent to quit and bow out gracefully.

While no official explanation was provided for this abrupt shutdown, one of BlackCat’s affiliates claims to know the juicy details. According to cybersecurity firm Recorded Future, a “longtime” BlackCat affiliate responsible for the recent attack on Change Healthcare spilled the beans.

Apparently, in late February, the affiliate’s ransomware attack forced some of Change Healthcare’s services offline, even impacting local pharmacies. The company, which had recently merged with Optum in a massive $7.8 billion deal, was backed into a corner.

To prevent the release of sensitive data and obtain a decryption key, the affiliate alleges that Optum coughed up a staggering $22 million in Bitcoin (around 350 BTC) to the BlackCat gang. And this is where things get really interesting.

The affiliate claims that upon receiving the multi-million-dollar payout, the BlackCat operators (who run a ransomware-as-a-service model, taking a cut of each ransom) decided to pull an exit scam – keeping the entire $22 million haul for themselves and leaving their affiliates high and dry.

Now, while this story certainly has a ring of plausibility to it (there’s no honor among thieves, after all), other experts suggest the shutdown could be part of a rebranding effort. BlackCat has done this before, having previously operated under the name DarkSide until 2020.

Regardless of the true motivation behind BlackCat’s apparent shutdown, one thing is clear: the cybercriminal underworld is a treacherous place where allegiances shift, and fortunes can change in an instant. The BlackCat affiliates are now left holding the bag, stuck with 4TB of Optum’s “critical data” that they can no longer leverage for further ransom demands.

So, is this really the end for the dreaded BlackCat gang, or just the beginning of a new chapter under a different guise? Only time will tell. But one thing is certain: the ransomware scourge shows no signs of slowing down, and businesses must remain vigilant in protecting their systems and data from these ever-evolving threats.