The other day, I posted about AlphaV and their attack against Change Healthcare. (link)
Just 2 days later, the posting on the AlphaV website disappeared – an indicator that a ransom had been paid.
This payment theory has however, now taken a dramatic turn – evidence of a payment has been exposed by a user who claims to be the affiliate who gained initial access to Change Healthcare.
The affiliate has posted a complaint online to the effect that AlphaV have received a bitcoin payment to the sum of $22M USD, but have not paid the affiliate, and have blocked their account.
The mystery deepens even more when we now find that the AlphaV / Blackcat dark web site is currently offline.
The Tox messaging platform used by the ransomware gang simply contains a message “Все выключено, решаем,” which translates to “Everything is off, we decide.”
All this points to AlphaV doing a runner. Which could be true considering that they were targeted by the FBI last year and had most of their infrastructure taken offline – This could be a final payday for the gang before heading to the hills.
It could also be a glitch, or simply an admin day for the – time will tell.
