© Reuters. The corporate logo of the UnitedHealth Group appears on the side of one of their office buildings in Santa Ana, California, U.S., April 13, 2020. REUTERS/Mike Blake/File Photo
By James Pearson and Christopher Bing
WASHINGTON (Reuters) -A website used by hackers responsible for a breach at UnitedHealth Group (NYSE:) has been replaced by a notice saying it has been seized by international law enforcement.
But at least one of the agencies allegedly responsible said it had nothing to do with the seizure, raising the possibility that the hackers – who also go by the moniker ALPHV – faked their own takedown.
A message posted to the website of the Blackcat hacking gang on Tuesday said it had been impounded “as part of a coordinated law enforcement action” by U.S. authorities and other law enforcement agencies. Among the logos of non-American agencies involved were those of Europol and Britain’s National Crime Agency.
U.S. officials and Europol did not immediately return messages seeking comment, but a National Crime Agency spokesperson said: “I can confirm any recent disruption to ALPHV infrastructure is not a result of NCA activity.”
Several security experts said the takedown notice seemed suspicious.
“This appears to be a classic exit scam,” said researcher Will Thomas. In an exit scam, some hackers pretend to be knocked out of commission, only to quietly pocket their partners’ money and start over under a new name.
Thomas said Blackcat was already believed to be a rebrand of a previous hacker group dubbed DarkSide.
“It would not be a surprise if they return once more in the not-too-distant future,” he said.
Even before the seizure notice, there were signs of something unusual following the intrusion at the tech unit of UnitedHealth, which has caused serious disruption across the United States.
Last week Blackcat posted a message saying it had stolen millions of sensitive records from UnitedHealth, only to delete the claim without explanation.
On Sunday, someone posting to a hacker forum alleged that the gang had cheated them out of their share of the $22 million ransom that UnitedHealth had allegedly paid to restore its systems.
UnitedHealth had not commented on whether it paid a ransom, and did not immediately return a message on Tuesday seeking comment.
