ALPHV [3], formerly known as DarkSide [2], has recently halted its ransomware operations following a $22 million payment and allegations of defrauding an affiliate involved in the Optum attack.
ALPHV [3], a ransomware group previously known as DarkSide, has recently ceased operations after reportedly receiving a $22 million payment and facing accusations of defrauding an affiliate involved in the Optum attack, which targeted Change Healthcare, a subsidiary of United Health Group. The affiliate claimed they were cheated out of their share of the payment [3], leading to suspicions that ALPHV staged a takedown and kept the entire sum [3]. Negotiation sites linked to the ransomware activity have been shut down [2], with speculation ranging from a potential exit scam to a rebranding initiative [2]. The FBI seized ALPHV’s dark web site [3], but the UK’s National Crime Agency denied involvement [1] [3], leading researchers to believe ALPHV is exit-scamming its affiliates [3]. This incident underscores the intricate nature of Ransomware-as-a-Service (RaaS) operations and the responsibility of governments to prepare defenses against them [2]. ALPHV’s history is marked by several rebrands amid notable attacks and confrontations with law enforcement agencies [2], showcasing the difficulty of combating sophisticated cybercriminal enterprises with roots in the DarkSide operation, known for the Colonial Pipeline attack [1].
The case of ALPHV highlights the challenges posed by ransomware groups and the need for robust defenses against such threats. Governments must continue to enhance cybersecurity measures to protect against sophisticated cybercriminal enterprises like ALPHV, which have a history of rebranding and evading law enforcement. The incident serves as a reminder of the ongoing battle against ransomware and the importance of proactive measures to prevent future attacks.