ALPHV steps up laundering of Change Healthcare ransom payments | CyberScoop<\/title> <meta name=\"description\" content=\"As the ransomware group moves to hide its $22 million, its affiliate notchy is laying low after reportedly being stiffed on payment. \"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"ALPHV steps up laundering of Change Healthcare ransom payments\"> <meta property=\"og:description\" content=\"As the ransomware group moves to hide its $22 million, its affiliate notchy is laying low after reportedly being stiffed on payment. \"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-04-05T17:25:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1712084567g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1710965597g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1711866546g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80010\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80010\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Falphv-steps-up-laundering-of-change-healthcare-ransom-payments%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Falphv-steps-up-laundering-of-change-healthcare-ransom-payments%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80010 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.550847457627\">\n<div class=\"single-article__header-content\" readability=\"31.251063829787\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> As the ransomware group moves to hide its $22 million, its affiliate notchy is laying low after reportedly being stiffed on payment. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> One hacker sitting in the dark room in front of his computers, hacking some internet data. (South_agency\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"92.296845779828\"><body readability=\"185.34302921579\"><\/p>\n<p>Six weeks after executing an attack that <a href=\"https:\/\/cyberscoop.com\/ransomware-alphv-healthcare-pharmacies\/\">crippled parts of the U.S. health care system<\/a>, the cybercrime gang linked to the incident has picked up the pace of laundering the proceeds of an alleged ransom payment, even as the hackers implicated in the breach continue to maintain a low profile. <\/p>\n<p>The ransomware group ALPHV claimed responsibility for the Feb. 21 attack on Change Healthcare, a payment processor that touches 1 in 3 American patient records. The attack on Change limited the ability of pharmacies and health care providers to receive payments and has placed severe strain on the U.S. health care system.<\/p>\n<p>Earlier this month, cybercrime researchers reported that a bitcoin wallet linked to previous <a href=\"https:\/\/cyberscoop.com\/ransomware-group-behind-change-healthcare-attack-goes-dark\/\">ALPHV ransoms had received $22 million<\/a>, fueling speculation that Change\u2019s parent company, UnitedHealth Group, had ponied up a ransom payment.<\/p>\n<p>Now, ALPHV appears to be moving to further obscure the destination of those funds. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>According to blockchain intelligence firm TRM Labs, funds have recently been moved from bitcoin wallets linked to other ransoms paid to ALPHV, with these funds transferred to multiple other addresses and through a mixer, a tool used to obfuscate transactions that can be tracked on a public ledger. <\/p>\n<p>\u201cOver the last week or so we have seen increased laundering activity,\u201d Ari Redbord, TRM Labs\u2019s global head of policy, told CyberScoop in an email. On March 27, for instance, TRM Labs observed 50 bitcoin \u2014 approximately $3.5 million \u2014 \u201cmove from wallets associated with the group to a mixing service. In addition, between March 22nd & 27th, we saw multiple withdrawals by wallets associated with the ransomware group and sent to a global exchange.\u201d<\/p>\n<p>The FBI declined to comment on the status of its investigation of the incident. <\/p>\n<p>Against the backdrop of ALPHV moving to obscure the funds it reportedly extorted from UnitedHealth Group, the incident remains dogged by unanswered questions, in particular regarding the ransomware affiliate that carried out the attack on Change. <\/p>\n<p>Ransomware groups like ALPHV operate on an affiliate model. Affiliates carry out ransomware attacks using ALPHV\u2019s tools in exchange for splitting the proceeds of any ransomware payments. In the Change incident, an affiliate going by the handle \u201cnotchy\u201d claimed to have carried out the attack only to be cut out when the ransom was paid.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>In recent weeks, notchy has grown quiet after accusing ALPHV of double-crossing them. According to notchy, ALPHV never provided them with their share of the $22 million payment from UnitedHealth. Instead, ALPHV shut down their site and falsely claimed that they had been the victim of a law enforcement takedown operation. <\/p>\n<p>Following the breach of Change, notchy claimed to have obtained four terabytes of data related to the company\u2019s major partners, including CVS Caremark, among others. A spokesperson for CVS Caremark told CyberScoop it was aware of the \u201cunsubstantiated statement\u201d that was posted in connection with the attack, but \u201cat this time Change Healthcare has not confirmed whether any member or patient information it holds, including CVS Health or CVS Caremark information, was impacted by this incident.\u201d <\/p>\n<p>The other entities notchy claimed to have data on include Medicare, Tricare, Loomis, Davis Vision, Health Net, MetLife and Teachers Health Trust, along with \u201ctens of insurance companies and others.\u201d None of the others responded to requests for comment.<\/p>\n<p>It\u2019s not clear whether notchy is actually in possession of that data, but having been stiffed by ALPHV out of its share of a lucrative ransom, the data would represent a major asset.<\/p>\n<p>A UnitedHealth Group spokesperson did not respond to CyberScoop\u2019s questions about the company\u2019s understanding of any outstanding data. UnitedHealth Group is \u201cstill determining the content of the data that was taken by the threat actor,\u201d including protected health information or personally identifiable information, the company said in <a href=\"https:\/\/www.unitedhealthgroup.com\/changehealthcarecyberresponse\">an update posted to its website<\/a> March 27. The spokesperson said Wednesday that that post is the \u201cmost up-to-date information\u201d the company has to share. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Cybercrime researchers say they have not yet seen the data being offered for sale, but immediately following the attack, notchy posted a message looking to work with people to continue to carry out attacks, only to quickly shut down the thread.<\/p>\n<p>\u201cI think it\u2019s more of a lay low type of situation for the time being,\u201d said Garrett Carstens, vice president of intelligence operations at Intel471. <\/p>\n<p>If notchy, or any threat actor for that matter, is in fact in possession of the data they claim, Carstens said, the major concern is that it could be mined for clues to target other networks. Notchy is an effective threat actor, he added, with Intel471\u2019s analysis suggesting that the group had the ability to compromise new networks at a rate of about \u201ca dozen a week\u201d around the time of the Change Healthcare attack.<\/p>\n<p>Relatively little is known about notchy, but the moniker may be operated by more than one person, as it uses plural pronouns when referring to itself. The username was first registered on the Russian-language RAMP forum in December 2021, but posted for the first time in August 2022 and only posted 11 times total, according to the cybersecurity firm KELA. <\/p>\n<p>Notchy is possibly linked to at least two other handles on another cybercrime forum, Exploit. The two handles may be linked, in turn, to at least one handle on Telegram that has been active in English and Russian-language channels related to credit card fraud activities and information-stealer malware, according to KELA. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>According to Telegram chatlogs provided by Unit 221B, a cybersecurity firm, a since-deleted Telegram handle possibly linked to notchy posted in May 2022 in a marketplace for stolen login credentials, asking about the availability of \u201cUS only\u201d virtual private network credentials related to remote desktop applications \u2014 a probable indication of the techniques and types of targets of interest to the notchy persona. <\/p>\n<p>Credentials are frequently obtained with info-stealer malware, which gather personal data from a target\u2019s browser metadata. Between July 1, 2021 and June 30, 2022, for instance, <a href=\"https:\/\/www.group-ib.com\/media-center\/press-releases\/hi-tech-crime-trends-2022-2023\/\">researchers with Group-IB found<\/a> that 96 million logs were offered for sale across various forums, 80% of which came from U.S. users.<\/p>\n<p>Notchy typically posts in English, Carstens said, but can likely understand Russian. It also seems that notchy likes to conduct business primarily on Moscow Standard Time, but Carstens cautioned against assigning much significance to that fact. <\/p>\n<p>To substantiate its claims of having been defrauded by ALPHV, notchy posted screenshots of its conversations with ALPHV admins on the messaging platform Tox, as well as a link to the cryptocurrency wallet that received the alleged ransomware payment from United HealthGroup. That screenshot was the first exposure to the wider world of the wallet that received a 350 bitcoin transaction on March 1 that is believed to be United\u2019s ransomware payment. <\/p>\n<p>ALPHV responded on RAMP saying that they decided to \u201ccompletely close the project,\u201d and that \u201cwe can officially declare the feds screwed us over.\u201d Some ALPHV infrastructure had been <a href=\"https:\/\/cyberscoop.com\/fbi-seizes-alphv-leak-website-hours-later-ransomware-gang-claims-it-unseized-it\/\">seized<\/a> by the FBI and other agencies in December 2023, but the group took some of it back and revamped the site at a new address.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>RAMP administrators banned ALPHV from the forum on March 6 after concluding that ALPHV had scammed the affiliate, according to KELA.<\/p>\n<p>Ultimately, notchy isn\u2019t wholly unique, Carstens said, calling them \u201cone of many pretty capable threat actors that are out there that play in this world of ransomware.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.25\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ALPHV steps up laundering of Change Healthcare ransom payments |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[950,1603,337,282,46],"tags":[955,1605,340,286,54],"class_list":["post-2949","post","type-post","status-publish","format-standard","hentry","category-alphv","category-change-healthcare","category-cryptocurrency","category-cybercrime","category-ransomware","tag-alphv","tag-change-healthcare","tag-cryptocurrency","tag-cybercrime","tag-ransomware"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/alphv\/\" rel=\"category tag\">ALPHV<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/change-healthcare\/\" rel=\"category tag\">Change Healthcare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cryptocurrency\/\" rel=\"category tag\">cryptocurrency<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a>","tag_info":"ransomware","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2949","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2949"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2949\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2949"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2949"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2949"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2949,"date":"2024-04-05T12:25:00","date_gmt":"2024-04-05T17:25:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80010"},"modified":"2024-04-05T12:25:00","modified_gmt":"2024-04-05T17:25:00","slug":"alphv-steps-up-laundering-of-change-healthcare-ransom-payments","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/04\/05\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments\/","title":{"rendered":"ALPHV steps up laundering of Change Healthcare ransom payments"},"content":{"rendered":"