Main

type

5 (blog/news article)

status

21 (imported old-v2, waiting for another import)

review version

0

cleanup version

0

pending deletion

0 (-)

created at

2025-10-27 06:50:56

updated at

2025-10-27 06:50:56

Address

url

https://www.infostealers.com/article/single-citrix-compromised-credential-results-in-22000000-ransom-to-change-healthcare/

url length

122

url crc

8122

url crc32

672473018

location type

1 (url matches target location, page_location is empty)

canonical status

10 (verified canonical url)

canonical page id

2835076830

Source

domain id

27178280

domain tld

2211

domain parts

0

originating warc id

-

originating url

https://data.commoncrawl.org/crawl-data/CC-MAIN-2025-33/segments/1754151280328.73/warc/CC-MAIN-20250811100340-20250811130340-00677.warc.gz

source type

11 (CommonCrawl)

Server response

server ip

18.153.244.78

Publication date

2025-08-11 11:12:16

Fetch attempts

0

Original html size

151987

Normalized and saved size

112448

Content

title

Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare

excerpt

content

In late February 2024 Change Healthcare suffered a devastating ransomware attack which led to major disruptions to the company’s platform, estimated at a staggering $872,000,000 The attack which was carried out by BlackCat ransomware group also resulted in a $22,000,000 ransom payment. But how did this happen? In a testimony by Andrew Witty, Change Healthcare’s CEO, it is revealed that the hackers gained access using a single compromised Citrix credential on an account that had no MFA in place — “While we will learn more and our understanding may change, here’s what I can share today. On February 12, criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops. The portal did not have multi-factor authentication. Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later...

author

updated

1762165459

Text analysis

block type

0

extracted fields

233

extracted bits

featured image
title
full content
content was extracted heuristically
OpenGraph suggests this is an article

detected location

0

detected language

1 (English)

category id

Ransomware (18)

index version

2025110801

paywall score

0

spam phrases

0

Text statistics

text nonlatin

0

text cyrillic

0

text characters

2710

text words

493

text unique words

258

text lines

1

text sentences

11

text paragraphs

1

text words per sentence

44

text matched phrases

6

text matched dictionaries

7