A second ransomware group is reportedly trying to extort UnitedHealth Group's Change Healthcare over the recent cyberattack.
Hackers known as RansomHub claim to have 4 terabytes of Change's data and reached out to the company asking for payment or else they would sell the information on the dark web, cybersecurity analyst Dominic Alvieri posted April 7 on LinkedIn.
"We are aware of these reports and continue to work with the authorities," a Change spokesperson emailed Becker's.
Change Healthcare reportedly paid the BlackCat/ALPHV ransomware gang $22 million after the February cyberattack that crippled the company's claims processing systems. The post from the new group means Change could be the victim of a "double extortion" attempt, cybersecurity researchers say.
"It is not uncommon, as an incident responder, to discover not just one threat inside of a compromised environment, but two or more," Ken Dunham, cyberthreat director at Qualys Threat Research Unit, emailed Becker's. "It is also not uncommon for companies that give in to bad actors performing extortion, such as ransomware and [distributed denial-of-service] payouts, to become 'soft targets,' quickly hit again with additional forms of extortion again and again."
However, he added, "While nobody advocates paying off an adversary, sometimes it is an action that ends up being the best course of action for a business based upon their risks and needs at the time of breach and impact."