The ALPHV/BlackCat ransomware group is claiming responsibility for attacks on both Prudential Financial and LoanDepot, making a series of follow-on allegations against them.
Neither company has had any of their stolen data leaked at this stage, although if negotiations continue to stall as ALPHV says they have, then a data dump may not be too far away.
ALPHV has now made a number of inflammatory allegations against both victims, which of course should be taken with a substantial grain of salt given that they are indeed criminals.
In the case of Prudential Financial, the gang has alleged that the company fibbed in its regulatory filing, which claimed the attackers broke in on February 4 and systems were contained a day later.
The gang said it is currently looking for customers who may wish to buy the stolen data, but will consider releasing it for free.
This follows Prudential's claim that it had seen no evidence of customer or client data being stolen.
It's worth remembering that ALPHV made a name for itself towards the back end of last year for weaponizing regulators against ransomware victims.
In a novel November 2023 case, ALPHV filed an SEC complaint against fintech firm MeridianLink for failing to notify the regulator of a material breach.
Until we hear Prudential's side, it's worth exercising extreme caution before we buy into these claims.
As regards LoanDepot, the company confirmed a breach in early January with the SEC but didn't confirm ransomware's involvement.
If ALPHV was indeed responsible for the attack here, the group has allowed negotiations to carry on for a month and a half.
According to the criminals, LoanDepot's negotiators deployed stalling tactics, presumably to delay the release of stolen data.
An initial ransom payment of $6 million was proposed, but the company wanted extra time to secure a bigger sum; at least, that's ALPHV's claim.
The company stopped replying, apparently.
The Register contacted both Prudential Financial and LoanDepot for comment but neither immediately responded.
Evasive ALPHV
The ALPHV ransomware group continues to frustrate US authorities by terrorizing major organizations under their watch after surviving a takedown attempt in December.
It's not often a cybercrime operation can withstand and overcome attempts to shutter it after international law enforcement sets out to dismantle its infrastructure, but that's what happened in December when ALPHV wrestled the feds for control of its site over the space of a few days.
The group's website is back up and running and affiliates continue to claim major attacks on Western organizations.
It may also not be a coincidence, given that ALPHV is linked to BlackMatter, which itself was linked to DarkSide.
Towards the end of last week, the US announced that it would offer a maximum total reward of $15 million for information leading to the identification or location of ALPHV leadership members and/or their arrest.
This Cyber News was published on go.theregister.com. Publication date: Mon, 19 Feb 2024 14:43:06 +0000