We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

UnitedHealth Allegedly Pays $22M to Ransomware Gang

UnitedHealth Allegedly Pays $22M to Ransomware Gang
Author Image Husain Parvez
Husain Parvez Published on 7th March 2024 Cybersecurity Researcher

UnitedHealth Group has reportedly paid a ransom of $22 million to the ALPHV/Blackcat ransomware gang to regain access to data and systems encrypted during a cyberattack on its subsidiary, Change Healthcare. The payment was disclosed through a post on a Russian cybercriminal forum by an affiliate of the gang. If true, it would be one of the largest sums of money that’s ever been extorted by a ransomware gang.

According to The Wired, the affiliate's post claimed that UnitedHealth Group's subsidiary Optum paid the sum to prevent data leakage and secure a decryption key. This claim was substantiated by a link to a transaction showing the receipt of 350 bitcoins, equivalent to the ransom amount in USD.

The forum post also revealed internal disputes within the ransomware gang, with the affiliate member alleging they were swindled out of their share of the ransom. "Be careful everyone and stop dealing with ALPHV," the affiliate member warned, indicating a betrayal by the group.

Reuters reported that the cryptocurrency wallet that received the transaction has been tied to ALPHV by blockchain analysis firm TRM Labs, who noted that they’ve seen that wallet used to collect ransom payments from previous ALPHV victims.

The incident has raised concerns about the increasing focus on the US health sector by ransomware gangs, with the payment potentially emboldening future attacks. The cyberattack on Change Healthcare has been notably disruptive, leading to significant delays in the processing of prescriptions across hospitals and pharmacies nationwide.

In response to the incident, a UnitedHealth Group spokesperson stated that the company remains “focused on the investigation and recovery of our operations.” With no guarantee that any of the stolen data will be erased, $22 million would rank among the largest known ransomware payments if it turns out to be true. The current record holder is a $40 million payout made by CNA Financial back in 2021.

This ransomware attack is not the first of its kind involving the Blackcat gang, who are known for its disruptive cyberattacks for several years now. Previous incidents targeting data storage giant Western Digital and Fidelity National Financial have made this hacker gang a notorious name. Despite recent attempts by federal agencies to take down large cybercrime gangs, the menace of ransomware continues to haunt the corporate world.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.