The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.

The ALPHV/BlackCat ransomware gang has shut down its servers after an affiliate accused them of stealing a $22 million ransom from Optum. BleepingComputer confirmed the closure of their negotiation sites, suggesting a deliberate takedown of their infrastructure. The situation remains unclear, with potential implications of an exit scam or rebranding. The affiliate, “notchy,” claims to possess 4TB of critical Optum data. UnitedHealth Group, Optum’s parent company, is focused on the investigation. This follows a pattern of rebranding from DarkSide to BlackMatter to ALPHV/BlackCat, with past disruptions and re-emergences in their operations.