cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

US offers US$10m reward for information on ALPHV hackers behind UnitedHealth breach

The US government is advertising a major multimillion-dollar reward for information on the hackers that took down UnitedHealth earlier this year.

user icon Daniel Croft
Tue, 02 Apr 2024
US offers US$10m reward for information on ALPHV hackers behind UnitedHealth breach
expand image

The US State Department said last week that it was offering up to US$10 million for information on the ALPHV (also known as BlackCat) ransomware gang, which was responsible for the attack on UnitedHealth subsidiary Change Healthcare.

The reward is specifically catered to those who are able to provide “information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA)”, according to a State Department press release.

The reward adds fuel to the theory that the ALPHV affiliate behind the Change Healthcare attack was indeed a state-sponsored threat actor.


Prior to this, UnitedHealth first identified the hacker behind the attack as being a state-sponsored actor before ALPHV demanded credit for the breach. Additionally, Menlo Security said it has discovered evidence that the responsible affiliate “Notchy” has ties to the Chinese government.

“The team has uncovered evidence that points to Notchy possibly being tied to China and this being a state-sponsored attack, and that Notchy possibly used SmartScreen Killer and/or the latest version of Cobalt Strike in their attack against Change Healthcare,” it said.

The US State Department’s search for ALPHV may prove to be a difficult task, as the threat group called it quits following the Change Healthcare attack.

After UnitedHealth paid US$22 million in ransom payments, ALPHV pocketed the money and went dark, leaving Notchy without its share.

The group claimed that it was taken down by law enforcement agencies once again, displaying a takedown banner on its dark web leak site. However, law enforcement agencies quickly confirmed they were not involved, as others pointed out that the takedown banner was an image saved from when the group was hit by law enforcement last year.

As large as the reward the State Department is offering, the costs continue to rise for UnitedHealth, which said it has advanced over US$3.3 billion in loans to assist care providers affected by the cyber attack, which delayed insurance claims processing.

Over 40 per cent of the loans have been given to federally qualified health centres and hospitals dealing with high-risk patients.

While not getting the same assistance from UnitedHealth, smaller medical institutions are receiving government assistance, having been hit even harder by the breach, with some weighing up whether to halt treatments or halt payments to staff.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.