


Comment from Semperis on the ALPHV/BlackCat ransomware payment

March 2024 by Yossi Rachman, Director of Security Research, Semperis

Comment from Yossi Rachman, Director of Security Research at Semperis, on the ALPHV/BlackCat ransomware payment.

In response to the reports that ALPHV/BlackCat stole a $22 million payment made by Change Healthcare, it’s important to emphasise that this is all speculation. I do agree that it looks a little odd, because ALPHV might lose business over it. Then again, it’s not a bricks-and-mortar business so if they did decide to steal the money and run, they can just as easily set up a new business under a different name.

Overall, no one outside of the inner circles of ALPHV, their affiliate and Change Healthcare is privy to this information about who paid or did not pay. And you know what they say in the cybersecurity industry about there being no honor among thieves. So, nothing surprises me.

Also, keep in mind that you have affiliates on one hand and the ransomware gang on the other, and that does not necessarily mean they share the same interests or camaraderie. Affiliates are usually third parties with infection / initial access capabilities who are looking to make a profit and are not typically loyal to any ransomware gang. Typically, the affiliates pay in exchange for access to the ransomware toolkit created by the operators (in this case ALPHV/BlackCat) as well as a share of the profits earned through their access to the victim, based on an agreement or price list. It’s possible the operators locked the cryptocurrency wallet or simply didn’t pass on the agreed portion of the profits to the affiliate.
