ALPHV claims cyberattacks on Prudential Financial, LoanDepot - The Register

The ALPHV/BlackCat ransomware group is claiming responsibility for attacks on both Prudential Financial and LoanDepot, making a series of follow-on allegations against them.
Neither company has had any of their stolen data leaked at this stage, although if negotiations continue to stall as ALPHV says they have, then a data dump may not be too far away.
ALPHV has now made a number of inflammatory allegations against both victims, which of course should be taken with a substantial grain of salt given that they are indeed criminals.
In the case of Prudential Financial, the gang has alleged that the company fibbed in its regulatory filing, which claimed the attackers broke in on February 4 and systems were contained a day later.
The gang said it is currently looking for customers who may wish to buy the stolen data, but will consider releasing it for free.
This follows Prudential's claim that it had seen no evidence of customer or client data being stolen.
It's worth remembering that ALPHV made a name for itself towards the back end of last year for weaponizing regulators against ransomware victims.
In a novel November 2023 case, ALPHV filed an SEC complaint against fintech firm MeridianLink for failing to notify the regulator of a material breach.
Until we hear Prudential's side, it's worth exercising extreme caution before we buy into these claims.
As regards LoanDepot, the company confirmed a breach in early January with the SEC but didn't confirm ransomware's involvement.
If ALPHV was indeed responsible for the attack here, the group has allowed negotiations to carry on for a month and a half.
According to the criminals, LoanDepot's negotiators deployed stalling tactics, presumably to delay the release of stolen data.
An initial ransom payment of $6 million was proposed, but the company wanted extra time to secure a bigger sum; at least, that's ALPHV's claim.
The company stopped replying, apparently.
The Register contacted both Prudential Financial and LoanDepot for comment but neither immediately responded.
Evasive ALPHV

The ALPHV ransomware group continues to frustrate US authorities by terrorizing major organizations under its watch after surviving a takedown attempt in December.
It's not often a cybercrime operation can withstand and overcome attempts to shutter it after international law enforcement sets out to dismantle its infrastructure, but that's what happened in December when ALPHV wrestled the feds for control of its site over the space of a few days.
The group's website is back up and running and affiliates continue to claim major attacks on Western organizations.
It may also not be a coincidence, given that ALPHV is linked to BlackMatter, which itself was linked to DarkSide.
Towards the end of last week, the US announced that it would offer a maximum total reward of $15 million for information leading to the identification or location of ALPHV leadership members and/or their arrest.


This Cyber News was published on go.theregister.com. Publication date: Mon, 19 Feb 2024 14:43:06 +0000

