The Blackcat/ALPHV ransomware gang has announced that they are responsible for infiltrating the networks of Prudential Financial, and for the loanDepot data breach. However, the group has yet to provide evidence of their claims.
ALPHV ransomware group plans to sell the data stolen from loanDepot breach, while they intend to release data from Prudential financial breach for free due to unsuccessful negotiations.
The loanDepot Data Breach
On January 22, loanDepot disclosed that approximately 16.6 million individuals had their personal information compromised in the ransomware attack. This disclosure came after initially referring to it as a “cyber incident” on January 6, and confirming it as a ransomware attack on January 8.
loanDepot has announced that they will be contacting individuals affected by the data breach and offering them complimentary credit monitoring and identity protection services.
Prudential Financial Breach
In a separate incident, Prudential Financial disclosed on Tuesday that an alleged cybercrime group, now confirmed to be the ALPHV/Blackcat ransomware, successfully infiltrated their network on February 4. During the breach, employee and contractor data was compromised.
Prudential has confirmed that they are currently conducting an investigation to determine the extent and impact of the incident. However, they have not found any evidence to suggest that the attackers also accessed customer or client data.
US State Dept Issues Bounty on ALPHV/Blackcat Ransomware Group
In a related development, the U.S. State Department has recently announced rewards of up to $10 million for any valuable information that could assist in identifying or locating the leaders of the ALPHV ransomware gang responsible for these cybercrimes.
Furthermore, an additional reward of $5 million is being offered for any information regarding individuals associated with or involved in ALPHV/ Blackcat ransomware attacks.
The FBI has established a connection between this cybercriminal gang and more than 60 breaches worldwide within the initial four months of their operation, spanning from November 2021 to March 2022. The law enforcement agency also estimates that ALPHV has amassed a minimum of $300 million in ransom payments from over 1,000 victims until September 2023.
Who is the ALPHV Ransomware Group?
ALPHV ransomware emerged in November 2021 and is believed to be a rebranding of the DarkSide and BlackMatter ransomware groups. The group gained significant attention worldwide following the Colonial Pipeline attack, which triggered extensive investigations by law enforcement agencies and resulted in the group undergoing two rebranding efforts.
In December, the FBI successfully disrupted ALPHV’s operations by breaching their servers months prior and developing a decryption tool. This led to the temporary takedown of ALPHV’s Tor negotiation and leak sites.
However, ALPHV ransomware managed to regain control of their data leak site using private keys they still possessed. They have now launched a new Tor leak site that the FBI has not yet been able to take down.
