This week:

3 – If you pay once, you may have to pay again.

2 – In unrelated news, most victims don’t pay.

1 – One scam. One murder. Two victims.


3 – If you pay once, you may have to pay again.

The company confirmed that it paid a ransom to avoid patient data from being sold to cybercriminals or leaked publicly.

This is a statement from UnitedHealth Group, and quoted in a recent report on Bleeping Computer. It comes after the company suffered a ransomware attack that resulted in the theft of 6,000 GB of patient data. The attack caused significant problems across the US, impacting “a range of critical services used by healthcare providers and pharmacies across the U.S., including payment processing, prescription writing, and insurance claims”. According to other news reports, the number of people whose data was stolen “could cover a substantial proportion of people in America”.

The total cost of the attack is estimated to be $870 million so far, with the eventual cost estimated to be $1.6 billion.

That’s not a typo. I did type ‘billion’.

But that’s not the only bad news. According to Bleeping Computer, UnitedHealth Group paid a $22 million ransom to one cyber gang in return for their promise not to sell or publish the stolen patient data. Unfortunately, another gang then popped up to say they had the data, and demanded another ransom in return for their promise not to publish the data.

So what? You may feel like you have no choice but to pay a ransom in return for promises from a criminal gang. Unfortunately, that first payment may not be the last.


2 – In unrelated news, 72% of ransomware victims don’t pay.

“More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up.”

This is according to Coveware (an incident response firm) and quoted in a recent article on Help Net Security. Apparently, in Q1 2024, only 28% of ransomware victims paid the ransom demand. This is a record low.

There appears to be two reasons for this:

  • Firstly, “victim organizations are increasingly able to withstand an encryption attack and restore operations without the need [to pay the ransom]”. To say the same thing in fewer words: They have backups that cannot be deleted by the attackers.
  • Secondly, and as demonstrated in the UnitedHealth incident, “stolen data is often leaked or traded even after the victims have paid the ransom, which repeatedly proves that paying up is no guarantee”. To say the same thing in fewer words: You can’t trust the promises of criminals. (Shocking, isn’t it?)

So what? You may feel like you have no choice but to pay a ransom in return for promises from a criminal gang. But why would you trust the criminal gang?


1 – One cyber scam. Two victims.

“It was a common scam that ended with an uncommon outcome.”

This is a sad story that was recently reported by AP News (and shared by Secure The Village). A pensioner in Ohio fatally shot an Uber driver under the mistaken belief the driver was involved in a scam, known as a grandparent scam, to exploit him by falsely claiming a relative needed urgent financial help. The innocent Uber driver was sent to the address by the scammer to pick up a package. The driver had no idea the ‘package’ was going to be the pensioner’s savings or that the pensioner’s suspicions would lead him to shoot her.

The Uber driver is now dead. The pensioner is now facing murder charges. And the cyber attacker? No-one knows.

So what? It’s a sad story with two victims and two grieving families. The incident highlights how scammers target the vulnerable, and how their scams can have unintended and deadly consequences that seldom affect the scammers themselves.