Change Healthcare (UnitedHealth Group)

In February 2024, **Change Healthcare**, a critical division of UnitedHealth Group, fell victim to a devastating **BlackCat/ALPHV ransomware attack**. The assault crippled its systems, disrupting prescription processing, medical claims, and payment operations across the U.S. healthcare sector. Over **100 million individuals** were impacted due to service outages, with hospitals, pharmacies, and insurers facing delays in billing, reimbursements, and patient care. The company paid a **$22 million ransom**, but total financial losses ballooned to an estimated **$2 billion**, factoring in operational downtime, recovery costs, and reputational damage. The attack exposed vulnerabilities in third-party supply chains, as the breach originated from compromised credentials in a connected vendor system. Regulatory scrutiny intensified, with federal investigations probing compliance failures under **HIPAA** and cybersecurity negligence. The incident underscored the escalating threat of **RaaS (Ransomware-as-a-Service)** models, where affiliate hackers leverage sophisticated tools to target high-value sectors like healthcare, exploiting systemic interdependencies for maximum disruption.

Source: https://learn.g2.com/ransomware-statistics

TPRM report: https://www.rankiteo.com/company/change-healthcare

{
  "id": "cha455090325",
  "linkid": "change-healthcare",
  "type": "Ransomware",
  "date": "2/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'customers_affected': '100M+',
                        'industry': 'healthcare IT',
                        'location': 'USA',
                        'name': 'Change Healthcare (UnitedHealth Group)',
                        'size': 'large (100M+ people affected)',
                        'type': 'healthcare'},
                       {'customers_affected': 'thousands of dealerships',
                        'industry': 'automotive retail',
                        'location': 'USA, Canada',
                        'name': 'CDK Global',
                        'size': 'large',
                        'type': 'corporation'},
                       {'customers_affected': 'US East Coast fuel supply',
                        'industry': 'energy/oil',
                        'location': 'USA',
                        'name': 'Colonial Pipeline',
                        'size': 'large',
                        'type': 'corporation'},
                       {'customers_affected': 'global meat supply chain',
                        'industry': 'food/agriculture',
                        'location': 'global (HQ: Brazil)',
                        'name': 'JBS S.A.',
                        'size': 'large',
                        'type': 'corporation'},
                       {'customers_affected': '2,700+ organizations, 93.3M '
                                              'individuals',
                        'industry': 'software/IT',
                        'location': 'global',
                        'name': 'MOVEit (Progress Software)',
                        'size': 'large',
                        'type': 'corporation'},
                       {'industry': 'retail',
                        'location': 'UK',
                        'name': 'Marks & Spencer',
                        'size': 'large',
                        'type': 'corporation'},
                       {'industry': 'healthcare',
                        'location': 'USA',
                        'name': 'CommonSpirit Health',
                        'size': 'large',
                        'type': 'healthcare'},
                       {'customers_affected': '9.7M',
                        'industry': 'health insurance',
                        'location': 'Australia',
                        'name': 'Medibank Private',
                        'size': 'large',
                        'type': 'healthcare'},
                       {'industry': 'IT services',
                        'location': 'global (HQ: USA)',
                        'name': 'Cognizant',
                        'size': 'large',
                        'type': 'corporation'},
                       {'customers_affected': 'residents',
                        'industry': 'public administration',
                        'location': 'USA (Maryland)',
                        'name': 'Baltimore City Government',
                        'size': 'municipal',
                        'type': 'government'},
                       {'industry': 'healthcare',
                        'location': 'Croatia',
                        'name': 'University Hospital Center Zagreb',
                        'size': 'large (largest in Croatia)',
                        'type': 'healthcare'},
                       {'customers_affected': '254K users (Niconico)',
                        'industry': 'publishing/media',
                        'location': 'Japan',
                        'name': 'Kadokawa Corporation',
                        'size': 'large',
                        'type': 'corporation'},
                       {'customers_affected': '726K',
                        'industry': 'banking',
                        'location': 'USA',
                        'name': 'Patelco Credit Union',
                        'size': 'medium',
                        'type': 'financial'},
                       {'industry': 'public administration',
                        'location': 'Spain',
                        'name': 'Spanish Tax Agency (Agencia Tributaria)',
                        'size': 'large',
                        'type': 'government'},
                       {'industry': 'logistics/trade',
                        'location': 'Japan',
                        'name': 'Port of Nagoya',
                        'size': 'large (10% of Japan’s trade)',
                        'type': 'infrastructure'},
                       {'industry': 'education/culture',
                        'location': 'UK',
                        'name': 'British Library',
                        'size': 'large',
                        'type': 'public institution'},
                       {'industry': 'technology/manufacturing',
                        'location': 'USA',
                        'name': 'Sensata Technologies',
                        'size': 'large',
                        'type': 'corporation'},
                       {'customers_affected': '500K clients',
                        'industry': 'auction/art',
                        'location': 'global (HQ: UK)',
                        'name': 'Christie’s',
                        'size': 'large',
                        'type': 'corporation'}],
 'attack_vector': ['phishing emails (67% of attacks in North America)',
                   'software vulnerabilities (32% of attacks)',
                   'RDP compromise (30% in SMBs)',
                   'stolen credentials (29%)',
                   'unmanaged third-party integrations (25%)',
                   'zero-day exploits (e.g., MOVEit)',
                   'RaaS (Ransomware-as-a-Service)',
                   'botnet malware (e.g., Qakbot, DanaBot)',
                   'AI-generated phishing lures',
                   'unpatched systems'],
 'customer_advisories': ['Credit monitoring for affected individuals (e.g., '
                         'Patelco Credit Union, Healthcorps)',
                         'Password reset recommendations (e.g., after '
                         'credential leaks)',
                         'Fraud alerts for financial data exposure (e.g., '
                         'Spanish Tax Agency)',
                         'Healthcare providers’ notifications to patients '
                         '(e.g., Medibank, CommonSpirit)'],
 'data_breach': {'data_encryption': ['WannaCry (2017, 300K+ computers)',
                                     'Colonial Pipeline (2021)',
                                     'CDK Global (2024)',
                                     'Change Healthcare (2024)',
                                     'Port of Nagoya (2023)'],
                 'data_exfiltration': ['MOVEit (Clop gang, 2023)',
                                       'BlackCat/ALPHV (Change Healthcare, '
                                       '2024)',
                                       'REvil (JBS, Kaseya, 2021)',
                                       'Lapsus$ (Nvidia, Samsung, 2022)',
                                       'Babuk (Washington DC Police, 2021)',
                                       'Rhysida (British Library, 2023)'],
                 'file_types_exposed': ['databases (e.g., patient records, '
                                        'customer data)',
                                        'documents (e.g., corporate secrets, '
                                        'legal files)',
                                        'emails (e.g., phishing lures, '
                                        'credentials)',
                                        'source code (e.g., Samsung, Nvidia)',
                                        'financial records (e.g., Spanish Tax '
                                        'Agency)'],
                 'number_of_records_exposed': ['93.3M (MOVEit, 2023)',
                                               '9.7M (Medibank, 2022)',
                                               '5.6M (Healthcorps, 2024)',
                                               '726K (Patelco Credit Union, '
                                               '2024)',
                                               '254K (Kadokawa/Niconico, 2024)',
                                               '500K (Christie’s, 2025)',
                                               '1.4M (Lubbock County, 2019)',
                                               '70K (Nvidia, 2022)'],
                 'personally_identifiable_information': ['names, addresses, '
                                                         'SSNs (e.g., Patelco '
                                                         'Credit Union)',
                                                         'medical histories '
                                                         '(e.g., Medibank, '
                                                         'Healthcorps)',
                                                         'payment card data '
                                                         '(e.g., retail '
                                                         'breaches)',
                                                         'biometric data '
                                                         '(e.g., healthcare '
                                                         'breaches)'],
                 'sensitivity_of_data': ['high (PII, medical, financial, '
                                         'corporate secrets)'],
                 'type_of_data_compromised': ['PII (e.g., Medibank, Patelco '
                                              'Credit Union)',
                                              'medical records (e.g., '
                                              'CommonSpirit, Healthcorps)',
                                              'payment information (e.g., '
                                              'Spanish Tax Agency)',
                                              'corporate secrets (e.g., Apple '
                                              'blueprints via Quanta)',
                                              'government data (e.g., '
                                              'Washington DC Police, Costa '
                                              'Rica)',
                                              'student/employee data (e.g., '
                                              'Munster Technological '
                                              'University)',
                                              'customer data (e.g., '
                                              'Christie’s, Marks & Spencer)']},
 'description': 'The last decade has seen a steep increase in ransomware '
                'attacks across healthcare, medicine, and supply chains. '
                'Threat actors now use RaaS, triple extortion, supply chain '
                'attacks, and phishing to coerce companies into paying '
                'ransoms. Notable incidents include WannaCry (2017), Colonial '
                'Pipeline (2021), MOVEit (2023), Change Healthcare (2024), and '
                'CDK Global (2024). Ransom payments and financial losses have '
                'surged, with the average ransom payment reaching $2.73M in '
                '2024. Industries like healthcare, education, and financial '
                'services remain top targets, while AI-driven phishing and '
                'zero-day exploits are rising trends.',
 'impact': {'brand_reputation_impact': ['leaked sensitive data (e.g., '
                                        'Washington DC Police, British '
                                        'Library)',
                                        'loss of trust in healthcare (e.g., '
                                        'Medibank, Healthcorps)',
                                        'publicized breaches (e.g., '
                                        'Christie’s, 2025)'],
            'data_compromised': ['93.3M individuals (MOVEit, 2023)',
                                 '9.7M medical records (Medibank, 2022)',
                                 '5.6M patient records (Healthcorps, 2024)',
                                 '726K customers (Patelco Credit Union, 2024)',
                                 '254K users (Kadokawa/Niconico, 2024)',
                                 '500GB (Spanish Tax Agency, 2024)',
                                 '1TB (Nvidia, 2022)',
                                 '190GB (Samsung, 2022)',
                                 '65GB (British Library, University of Hawaii, '
                                 '2023)',
                                 'PII, payment info, medical records, '
                                 'corporate secrets (e.g., Apple blueprints '
                                 'via Quanta, 2021)'],
            'downtime': ['1 month (Baltimore, 2019)',
                         '7 months (Sky Lakes Medical Center, 2021)',
                         'prolonged disruptions (Change Healthcare, CDK '
                         'Global, 2024)',
                         'manual processes (University Hospital Center Zagreb, '
                         '2024)'],
            'financial_loss': ['$4B (WannaCry, 2017)',
                               '$18M (Baltimore, 2019)',
                               '$50M–$70M (Cognizant, 2020)',
                               '$4.4M (Colonial Pipeline) + $11M (JBS, 2021)',
                               '$1.1B (MOVEit breaches, 2023)',
                               '$22M ransom + $2B losses (Change Healthcare, '
                               '2024)',
                               '$25M (CDK Global, 2024)',
                               '$160M (CommonSpirit Health, 2022)',
                               '$300M (Marks & Spencer, 2024–2025)',
                               '$4B (Sensata Technologies, 2025)',
                               'Average ransom payment: $2.73M (2024, up from '
                               '$1.5M in 2023)',
                               'Average cost per attack: $5.13M (2025, +574% '
                               'since 2019)'],
            'identity_theft_risk': ['9.7M medical records (Medibank, 2022)',
                                    '5.6M patient records (Healthcorps, 2024)',
                                    '726K customers (Patelco Credit Union, '
                                    '2024)',
                                    '500K clients (Christie’s, 2025)'],
            'legal_liabilities': ['fines for regulatory violations (e.g., '
                                  'GDPR, HIPAA)',
                                  'lawsuits from affected customers (e.g., '
                                  'patients, credit union members)',
                                  'SEC disclosures (e.g., Sensata '
                                  'Technologies, 2025)'],
            'operational_impact': ['fuel shortages (Colonial Pipeline, 2021)',
                                   'meat supply disruption (JBS, 2021)',
                                   'healthcare service outages (CommonSpirit, '
                                   'Change Healthcare)',
                                   'auto sales halted (CDK Global, 2024)',
                                   'container operations destroyed (Port of '
                                   'Nagoya, 2023)',
                                   'online retail disruptions (Marks & '
                                   'Spencer, 2024–2025)',
                                   'government crises (Costa Rica, 2022)'],
            'payment_information_risk': ['credit card data (e.g., Patelco '
                                         'Credit Union, 2024)',
                                         'financial records (e.g., Spanish Tax '
                                         'Agency, 2024)',
                                         'cryptocurrency theft (e.g., '
                                         'CoinDash, 2017)'],
            'revenue_loss': ['$2B (Change Healthcare, 2024)',
                             '$300M (Marks & Spencer, 2024–2025)',
                             '$160M (CommonSpirit Health, 2022)',
                             'stock price drops (e.g., Carnival Corp, 2020)',
                             'market cap drop of £1B (Marks & Spencer, 2025)'],
            'systems_affected': ['300K+ computers (WannaCry, 150+ countries, '
                                 '2017)',
                                 '650 servers + 150 apps (Sky Lakes Medical '
                                 'Center, 2021)',
                                 '800 servers (Costa Rica government, 2022)',
                                 '10TB data (Canon, 2020)',
                                 '740GB (Toshiba, 2021)',
                                 '1.4M patient records (Lubbock County, 2019)',
                                 'Port of Nagoya (10% of Japan’s trade '
                                 'disrupted, 2023)',
                                 'thousands of dealerships (CDK Global, 2024)',
                                 'US fuel supply (Colonial Pipeline, 2021)',
                                 'US meat supply (JBS, 2021)']},
 'initial_access_broker': {'backdoors_established': ['common in RaaS attacks '
                                                     '(e.g., LockBit, '
                                                     'BlackCat)',
                                                     'persistent access via '
                                                     'RDP or VPN flaws'],
                           'data_sold_on_dark_web': ['PII (e.g., Patelco '
                                                     'Credit Union, Spanish '
                                                     'Tax Agency)',
                                                     'corporate data (e.g., '
                                                     'Samsung source code, '
                                                     'Apple blueprints)',
                                                     'medical records (e.g., '
                                                     'Medibank, Healthcorps)'],
                           'entry_point': ['phishing emails (67% of attacks)',
                                           'unpatched vulnerabilities (32%)',
                                           'RDP compromise (30% in SMBs)',
                                           'stolen credentials (29%)',
                                           'third-party software (25%)',
                                           'malicious ads/websites (e.g., Fake '
                                           'Chrome updates for Spora)',
                                           'botnets (e.g., Necurs for Locky, '
                                           'Qakbot for ransomware delivery)'],
                           'high_value_targets': ['healthcare (e.g., Change '
                                                  'Healthcare, Medibank)',
                                                  'critical infrastructure '
                                                  '(e.g., Colonial Pipeline, '
                                                  'Port of Nagoya)',
                                                  'supply chain providers '
                                                  '(e.g., MOVEit, Kaseya)',
                                                  'municipalities (e.g., '
                                                  'Baltimore, Lake City)'],
                           'reconnaissance_period': ['weeks to months (e.g., '
                                                     'APT-style attacks)',
                                                     'rapid exploitation '
                                                     '(e.g., zero-days like '
                                                     'MOVEit)']},
 'investigation_status': ['Ongoing for recent attacks (e.g., Change '
                          'Healthcare, CDK Global)',
                          'Resolved for older cases (e.g., WannaCry, NotPetya)',
                          'Law enforcement actions (e.g., Qakbot, DanaBot '
                          'takedowns)',
                          'Private forensic investigations (e.g., '
                          'CommonSpirit, Medibank)'],
 'lessons_learned': ['RaaS and affiliate models enable rapid scaling of '
                     'attacks.',
                     'Triple extortion (encryption + data theft + DDoS) '
                     'increases pressure to pay.',
                     'Supply chain attacks (e.g., MOVEit, Kaseya) amplify '
                     'impact.',
                     'Unpatched vulnerabilities remain a top entry point.',
                     'AI and phishing lures are evolving faster than defenses.',
                     'Immutable backups and segmentation reduce ransom '
                     'payments.',
                     'Cyber insurance is critical but increasingly expensive.',
                     'Public-sector targets (e.g., municipalities, healthcare) '
                     'face severe operational disruptions.',
                     'Regulatory fines and legal liabilities extend financial '
                     'impact beyond ransoms.',
                     'Collaboration with law enforcement (e.g., Qakbot '
                     'takedown) can disrupt threat actors.'],
 'motivation': ['financial gain (ransom payments, data extortion)',
                'disruption of critical infrastructure (e.g., healthcare, '
                'supply chains)',
                'data theft for dark web sales (e.g., PII, medical records)',
                'espionage (e.g., state-linked DanaBot attacks)',
                'reputation damage (e.g., leaking sensitive data)'],
 'post_incident_analysis': {'corrective_actions': ['mandatory **MFA** '
                                                   'implementation',
                                                   'accelerated **patch '
                                                   'management** for KEV '
                                                   'vulnerabilities',
                                                   '**network segmentation** '
                                                   'to limit blast radius',
                                                   '**immutable backups** with '
                                                   'offline storage',
                                                   '**incident response '
                                                   'drills** quarterly',
                                                   '**threat hunting** for '
                                                   'early detection',
                                                   '**vendor risk '
                                                   'assessments** for third '
                                                   'parties',
                                                   '**dark web monitoring** '
                                                   'for leaked credentials',
                                                   '**AI-driven anomaly '
                                                   'detection** (e.g., for '
                                                   'phishing)',
                                                   '**cyber insurance** policy '
                                                   'reviews'],
                            'root_causes': ['unpatched vulnerabilities (e.g., '
                                            'EternalBlue, MOVEit)',
                                            'lack of MFA (e.g., RDP '
                                            'compromises)',
                                            'poor segmentation (e.g., lateral '
                                            'movement in Colonial Pipeline)',
                                            'inadequate backups (e.g., '
                                            'Baltimore’s $18M recovery)',
                                            'third-party risks (e.g., supply '
                                            'chain attacks)',
                                            'human error (e.g., phishing '
                                            'clicks)',
                                            'insufficient employee training '
                                            '(e.g., recognizing phishing)']},
 'ransomware': {'data_encryption': ['widespread across most attacks'],
                'data_exfiltration': ['common in double/triple extortion '
                                      '(e.g., Clop, BlackCat)'],
                'ransom_demanded': ['$4.4M (Colonial Pipeline, 2021)',
                                    '$11M (JBS, 2021)',
                                    '$50M (Acer, Quanta, 2021)',
                                    '$40M (CNA Financial, 2021)',
                                    '$22M (Change Healthcare, 2024)',
                                    '$25M (CDK Global, 2024)',
                                    '$38M (Spanish Tax Agency, 2024)',
                                    '$50M (Apple supplier Quanta, 2021)',
                                     '$42M (Grubman Shire Meiselas, 2020)',
                                    '$1.14M (UCSF, 2020)',
                                    '$400K–$600K (Florida municipalities, '
                                    '2019)'],
                'ransom_paid': ['$4.4M (Colonial Pipeline, 2021)',
                                '$11M (JBS, 2021)',
                                '$40M (CNA Financial, 2021)',
                                '$22M (Change Healthcare, 2024)',
                                '$25M (CDK Global, 2024)',
                                '$5M (Rackspace, 2022)',
                                '$1.14M (UCSF, 2020)',
                                '$2.3M (Travelex, 2020)',
                                '$460K (Lake City, FL, 2019)',
                                 '$600K (Riviera Beach, FL, 2019)',
                                '$400K (Jackson County, GA, 2019)'],
                'ransomware_strain': ['WannaCry (2017)',
                                      'LockBit (2025, $91M in payments)',
                                      'BlackCat/ALPHV (Change Healthcare, '
                                      '2024)',
                                      'BlackSuit (CDK Global, Kadokawa, 2024)',
                                      'Clop (MOVEit, 2023)',
                                      'REvil (JBS, Kaseya, 2021)',
                                      'Maze (Cognizant, Canon, 2020)',
                                      'Ryuk (Onslow Water, 2019)',
                                      'NetWalker (UCSF, 2020)',
                                      'Sodinokibi (Travelex, 2020)',
                                      'Babuk (Washington DC Police, 2021)',
                                      'Lapsus$ (Nvidia, Samsung, 2022)',
                                      'Rhysida (British Library, 2023)',
                                      'NoEscape (University of Hawaii, 2023)']},
 'recommendations': ['Implement **immutable backups** and test recovery '
                     'processes regularly.',
                     'Patch systems promptly, prioritizing **CISA KEV '
                     'vulnerabilities**.',
                     'Deploy **Multi-Factor Authentication (MFA)** across all '
                     'access points.',
                     'Segment networks to **limit lateral movement**.',
                     'Use **Endpoint Detection and Response (EDR)** and '
                     '**extended detection (XDR)**.',
                     'Apply the **principle of least privilege** to minimize '
                     'attack surfaces.',
                     'Train employees on **phishing awareness** and social '
                     'engineering.',
                     'Monitor **dark web** for leaked credentials or data.',
                     'Develop and **test incident response plans** annually.',
                     'Invest in **threat intelligence** to preempt zero-day '
                     'exploits.',
                     'Evaluate **cyber insurance** coverage for ransomware '
                     'scenarios.',
                     'Isolate **third-party integrations** and vet vendors '
                     'rigorously.',
                     'Disable **RDP** where possible; use VPNs with MFA.',
                     'Prepare for **double/triple extortion** with data leak '
                     'response plans.',
                     'Engage **red team exercises** to simulate ransomware '
                     'attacks.'],
 'references': [{'source': 'Statista', 'url': 'https://www.statista.com'},
                {'source': 'Sophos State of Ransomware 2024',
                 'url': 'https://www.sophos.com/en-us/state-of-ransomware'},
                {'source': 'IBM Security X-Force Threat Intelligence',
                 'url': 'https://www.ibm.com/security'},
                {'source': 'Chainalysis 2025 Crypto Crime Report',
                 'url': 'https://www.chainalysis.com'},
                {'source': 'Verizon 2025 Data Breach Investigations Report '
                           '(DBIR)',
                 'url': 'https://www.verizon.com/business/resources/reports/dbir/'},
                {'source': 'CISA Known Exploited Vulnerabilities (KEV) Catalog',
                 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog'},
                {'source': 'FBI Internet Crime Complaint Center (IC3)',
                 'url': 'https://www.ic3.gov'},
                {'source': 'The Business Research Company (Ransomware Market '
                           'Report)',
                 'url': 'https://www.thebusinessresearchcompany.com'},
                {'source': 'PurpleSec Ransomware Statistics 2025',
                 'url': 'https://purplesec.us/ransomware-statistics/'},
                {'source': 'DOJ Press Release: Qakbot Takedown (2025)',
                 'url': 'https://www.justice.gov'},
                {'source': 'Cybersecurity Dive',
                 'url': 'https://www.cybersecuritydive.com'},
                {'source': 'BlackKite Ransomware Report 2025',
                 'url': 'https://www.blackkite.com'}],
 'regulatory_compliance': {'legal_actions': ['lawsuits from affected '
                                             'individuals (e.g., patients, '
                                             'customers)',
                                             'DOJ indictments (e.g., 16 '
                                             'Russian nationals for DanaBot, '
                                             '2025)',
                                             'class-action suits (e.g., data '
                                             'breach victims)'],
                           'regulations_violated': ['GDPR (e.g., European data '
                                                    'breaches)',
                                                    'HIPAA (e.g., healthcare '
                                                    'breaches like Medibank, '
                                                    'Change Healthcare)',
                                                    'state data breach laws '
                                                    '(e.g., California, New '
                                                    'York)',
                                                    'SEC disclosure rules '
                                                    '(e.g., Sensata '
                                                    'Technologies, 2025)'],
                           'regulatory_notifications': ['HHS Office for Civil '
                                                        'Rights (healthcare '
                                                        'breaches)',
                                                        'FBI IC3 (cybercrime '
                                                        'reporting)',
                                                        'SEC filings (public '
                                                        'companies)',
                                                        'GDPR notifications '
                                                        '(EU breaches)']},
 'response': {'communication_strategy': ['public disclosures (e.g., Colonial '
                                         'Pipeline, Change Healthcare)',
                                         'customer notifications (e.g., '
                                         'Patelco Credit Union, Healthcorps)',
                                         'regulatory filings (e.g., Sensata '
                                         'Technologies, SEC)',
                                         'press releases (e.g., British '
                                         'Library, 2023)'],
              'containment_measures': ['network isolation (e.g., Change '
                                       'Healthcare, CDK Global)',
                                       'system shutdowns (e.g., Baltimore, '
                                       '2019)',
                                       'disabling RDP access (common in SMBs)',
                                       'patching zero-days (e.g., MOVEit, '
                                       '2023)'],
              'enhanced_monitoring': ['recommended post-incident'],
              'incident_response_plan_activated': ['Change Healthcare (2024, '
                                                   'UnitedHealth Group)',
                                                   'CDK Global (2024, $25M '
                                                   'ransom paid)',
                                                   'Colonial Pipeline (2021, '
                                                   '$4.4M ransom paid)',
                                                   'JBS (2021, $11M ransom '
                                                   'paid)',
                                                   'Cognizant (2020, $50M–$70M '
                                                   'losses)',
                                                   'Baltimore (2019, $18M '
                                                   'recovery cost)',
                                                   'CommonSpirit Health (2022, '
                                                   '$160M losses)',
                                                   'Medibank (2022, 9.7M '
                                                   'records at risk)'],
              'law_enforcement_notified': ['Colonial Pipeline (FBI recovered '
                                           '$2.3M in Bitcoin)',
                                           'Qakbot (DOJ seized $24M, 2025)',
                                           'DanaBot (16 Russian nationals '
                                           'indicted, 2025)',
                                           'Washington DC Police (Babuk leak, '
                                           '2021)'],
              'network_segmentation': ['recommended in mitigation strategies'],
              'recovery_measures': ['immutable backups (4x faster recovery, '
                                    '50% less likely to pay ransom)',
                                    'cyber insurance claims (58% of '
                                    'large-value claims in H1 2024)',
                                    'manual processes (e.g., University '
                                    'Hospital Center Zagreb, 2024)',
                                    'third-party forensic investigations'],
              'remediation_measures': ['data recovery from backups (e.g., Sky '
                                       'Lakes Medical Center, 7 months)',
                                       'decryption tools (e.g., WannaCry kill '
                                       'switch, 2017)',
                                       'rebuilding systems (e.g., Garmin, '
                                       '2020)',
                                       'credential resets (e.g., after stolen '
                                       'credentials used)'],
              'third_party_assistance': ['cybersecurity firms (e.g., for '
                                         'Colonial Pipeline, Change '
                                         'Healthcare)',
                                         'DOJ/Europol (Qakbot takedown, 2025)',
                                         'insurance providers (e.g., Syracuse '
                                         'City School District, 2019)']},
 'stakeholder_advisories': ['UnitedHealth Group (Change Healthcare breach '
                            'updates)',
                            'CDK Global customer notifications (2024)',
                            'HHS advisories for healthcare sector (2024–2025)',
                            'CISA alerts on ransomware trends (e.g., '
                            '#StopRansomware)',
                            'FBI warnings on RaaS and phishing (2025)'],
 'threat_actor': ['LockBit (most prolific in 2025, $91M in payments)',
                  'RansomHub (most active in 2024–2025)',
                  'Clop (MOVEit breach, 2023)',
                  'BlackCat/ALPHV (Change Healthcare, 2024)',
                  'BlackSuit (CDK Global, Kadokawa, 2024)',
                  'REvil (JBS, Kaseya, 2021)',
                  'Lapsus$ (Nvidia, Samsung, Okta, 2022)',
                  'Babuk (Washington DC Police, 2021)',
                  'Scattered Spider (Marks & Spencer, 2025)',
                  'Russian-linked groups (e.g., DanaBot, Qakbot)',
                  'State-sponsored actors (e.g., 16 Russian nationals indicted '
                  'for DanaBot)'],
 'title': 'Ransomware Attacks Overview (2011–2025)',
 'type': ['ransomware',
          'data breach',
          'supply chain attack',
          'phishing',
          'triple extortion'],
 'vulnerability_exploited': ['EternalBlue (WannaCry, 2017)',
                             'unpatched Windows SMB flaw (WannaCry)',
                             'MOVEit Transfer zero-day (Clop gang, 2023)',
                             'third-party compromises (35.5% of breaches in '
                             '2024)',
                             '200+ vulnerabilities in CISA’s KEV catalog '
                             '(2024–2025)']}