— A website used by hackers responsible for a breach at UnitedHealth Group (UNH.N) has been replaced by a notice saying it has been seized by international law enforcement.
WASHINGTON, (Reuters) — The hackers responsible for the breach at UnitedHealth Group (UNH.N), opens new tab appear to have pulled a disappearing act on Tuesday, leaving their cybercriminal associates in the lurch and replacing their old website with a bogus statement from law enforcement.
The U.S. insurer disclosed on Feb. 21 that Blackcat hacking gang – also known as ALPHV – had perpetrated a cyberattack on its technology unit Change Healthcare, causing disruptions across the U.S. healthcare system.
A message posted to Blackcat’s website said it had been impounded “as part of a coordinated law enforcement action” by U.S. authorities and other law enforcement agencies. Among the logos of non-American agencies involved were those of Europol and Britain’s National Crime Agency.
The FBI declined comment and Europol did not return messages, but a National Crime Agency spokesperson said: “I can confirm any recent disruption to ALPHV infrastructure is not a result of NCA activity.”
Blackcat has not responded to Reuters requests for comment in several days.
Security experts said the law enforcement denial and other clues made it look like the hackers had simply decided to shut up shop.
“This appears to be a classic exit scam,” said researcher Will Thomas. In an exit scam, hackers pretend to be knocked out of commission only to quietly pocket their partners’ money and start over under a new name.
— Techmeme