UnitedHealth Group confirmed on January 24, 2025, that a ransomware attack on its Change Healthcare unit compromised the personal data of approximately 190 million Americans—nearly half the nation’s population.
The attack was attributed to the Russian-speaking ALPHV/BlackCat ransomware group. Analysts speculate that the group used compromised credentials to get into the company’s network, entering through systems that notably lacked two-factor authentication (2FA).
Stolen data reportedly includes Social Security numbers, medical histories, and financial records, creating a treasure trove for identity theft and phishing schemes. Dark web monitoring firms have already detected listings for “healthcare data bundles” priced at $500,000—a common tactic among ransomware-as-a-service (RaaS) groups like ALPHV, which lease hacking tools to affiliates in exchange for a cut of profits.
Who is ALPHV/BlackCat?
ALPHV/BlackCat is a Russian-speaking ransomware group. It isn’t some fly-by-night hacking collective; it is a skilled extortion operation with roots tracing back to DarkSide, the group behind the 2021 Colonial Pipeline attack that left gas stations dry across the U.S. East Coast. Below is a list of some attacks carried out by ALPHV/BlackCat:
Swissport’s Hack (2022)
The attack took place in February 2022. It didn’t just delay flights; it put lives at risk by disrupting temperature-sensitive cancer medications. While Swissport never confirmed paying up, cybersecurity blogs later buzzed about leaked payroll spreadsheets, a classic ALPHV pressure tactic.
Reddit’s Hack (2023)
In 2023, after stealing 80GB of Reddit’s internal data (including mod tools and user stats), ALPHV/BlackCat demanded that the platform scrap its controversial API fees. When Reddit’s CEO Steve Huffman called their bluff, the group offered the data to dark web auctioneers like a digital yard sale.
MGM’s Hack (2023)
In September 2023, MGM was attacked by the ALPHV/BlackCat ransomware group in an incident that disabled the resort’s key card systems for 10 days. BlackCat’s ransomware encrypted MGM Resorts’ backend systems. The attackers got in by phoning an IT help desk worker and pretending to be an employee.
What Makes Them So Damn Effective?
Three words: adaptation, audacity, anonymity. Their ransomware is written in Rust, a language favored by developers for its speed but rarely seen in malware, which makes it harder for off-the-shelf antivirus tools to spot. They have also mastered the art of plausible deniability, operating through “affiliates” who do the dirty work for a cut of the profits. It’s like Uber, but for data kidnapping.