The recent network breaches of the mortgage lender loanDepot and Fortune 500 company Prudential Financial have been attributed to the ALPHV/Blackcat ransomware gang.
The threat actors have yet to publish evidence to support their claims, but the two businesses were added to ALPHV’s dark web leak site today. After unsuccessful negotiations, ALPHV intends to release Prudential’s data for free and sell the network data that was stolen from loanDepot.
Two days after declaring the ransomware attack as a “cyber incident” on January 6, loanDepot revealed that at least 16.6 million people had their personal information stolen in the attack.
The business promised to provide free credit monitoring and identity protection services to those affected by the data breach.
With over $160 billion in serviced loans and about 6,000 employees, loanDepot is one of the biggest nonbank retail mortgage lenders in the United States.
A suspected cybercrime group broke into Prudential Financial’s network on February 4 and stole contractor and employee data, the company also disclosed on Tuesday.
Prudential stated that despite an ongoing investigation looking into the incident’s full scope and effects, there is still no proof that the attackers deleted any client or customer data.
With reported revenues of more than $50 billion in 2023 and a workforce of 40,000 people worldwide, this Fortune 500 financial services company is the second-largest life insurance provider in the United States.
The U.S. State Department announced rewards of up to $10 million on Thursday for information that could help identify or locate ALPHV gang leaders.
For information on people connected to or trying to take part in ALPHV ransomware attacks, a further $5 million reward is being offered.
The FBI linked this gang’s first four months of activity, between November 2021 and March 2022, to more than 60 breaches across the globe. According to the law enforcement organization, ALPHV collected ransom payments from more than 1,000 victims totaling at least $300 million as of September 2023.
ALPHV first appeared in November 2021 and is thought to be a rebrand of the DarkSide and BlackMatter ransomware operations.
After the Colonial Pipeline attack, which sparked extensive investigations by law enforcement agencies around the world and caused the operation to undergo two rebrandings, the group gained notoriety on a global scale.
After breaching the gang’s servers months earlier and developing a decryption tool, the FBI temporarily shut down ALPHV’s Tor negotiation and leak sites in December.
With the aid of private keys they still had, ALPHV has since “unseized” their data leak site, and the FBI has yet to take down a new Tor leak website.