The US State Department is offering a $10 million reward for information related to the notorious 'BlackCat' ransomware group that carried out the UnitedHealth cyberattack.
This reward is part of the State Department's Rewards for Justice (RFJ) program, administered by the Diplomatic Security Service and which offers remuneration for any information “leading to the identification or location of any person” involved in cybercrimes sponsored by the state.
The ALPHV/BlackCat group is specifically mentioned in the bounty announcement, due to their malicious ransomware-as-a-service activities that compromised critical infrastructure in the US and around the world.
In February, BlackCat targeted the subsidiary of UnitedHealth's technology unit, Change Healthcare.which plays an important role in US healthcare by processing payments between insurance companies and professionals.
More than 100 different Change Healthcare applications were affected by a breach that experts say may have exploited a vulnerability in remote desktop access software to gain initial access.
This compromised a large amount of sensitive data, leaving medical records, patient information and payment details vulnerable.
Many healthcare professionals were left unable to process insurance claims, which in turn disrupted financial transactions within healthcare settings and impacted patients attempting to receive treatment.
UnitedHealth has revealed that it has only just begun clearing a backlog of medical claims worth more than $14 billion as it relaunches its systems in the wake of the attack, including recently restoring Change Healthcare's electronic payments platform.
“We continue to make significant progress in restoring services impacted by this cyberattack,” said Andrew Witty, CEO of UnitedHealth Group.
“We know this has been a huge challenge for healthcare providers and we encourage anyone in need to contact us.”
BlackCat has already claimed that UnitedHealth paid a $22 million ransom, although there is no evidence to suggest whether or not BlackCat held up its end of the deal by returning control of the healthcare provider's systems.
The level of damage caused by the BlackCat attack has now prompted a more proactive response from the US government by imposing this large reward, an increasingly common tactic by US officials in the fight against criminal activity.
“Since its inception in 1984, RFJ has paid more than $250 million to more than 125 individuals around the world who provided actionable information that helped resolve threats to the national security of the United States,” the State Department said.