Connect with us

Hi, what are you looking for?


Data Breaches

Ransomware Group Takes Credit for LoanDepot, Prudential Financial Attacks

The BlackCat/Alphv ransomware group has taken credit for the LoanDepot and Prudential Financial attacks, threatening to sell or leak data.

BlackCat ransomware

The notorious ransomware group known as BlackCat and Alphv has taken credit for the recently disclosed cyberattacks impacting financial giants LoanDepot and Prudential Financial.

The two companies were named on the BlackCat leak website on Friday, February 16, and, based on the messages published by the hackers, both companies have refused to pay a ransom.

In the case of mortgage and non-mortgage lending firm LoanDepot, it had been known that the company was targeted in a ransomware attack, but insurance, retirement and investment firm Prudential Financial had not shared too much information on the type of cyberattack, except to say that it was conducted by a cybercrime group. 

When it disclosed the incident, Prudential Financial said the attackers accessed administrative and user data, as well as user accounts associated with employees and contractors. It said there had been no evidence of customer or client data theft. 

In a post published on its leak website on Friday, the BlackCat ransomware gang claimed it still had access to Prudential systems. The cybercriminals claimed they had been looking into selling the data, but said they might also release it for free “so journalists can investigate financial wrongdoing”.

As for LoanDepot, the company confirmed in January that a ransomware attack resulted in a data breach impacting 16.6 million people

The cybercrime group said on Friday that it’s in the process of selling the stolen LoanDepot data, which allegedly includes more information than what was mentioned in the company’s breach notification. 

BlackCat was targeted in a law enforcement operation in late 2023 and had its main leak website seized. The US government also released a decryption tool to help some of the impacted organizations recover data without paying a ransom.

Advertisement. Scroll to continue reading.

However, the ransomware group did not appear discouraged, setting up a new leak website and telling affiliates that there would no longer be any limitation on the types of organizations they could target. 

The US last week announced a reward of up to $10 million for information on the BlackCat group’s leaders and up to $5 million for any affiliate. 

It remains to be seen if the cybercriminals keep the BlackCat brand alive or if they migrate to a new operation

Related: Ransomware Attack Knocks 100 Romanian Hospitals Offline

Related: Ransomware Payments Surpassed $1 Billion in 2023: Analysis

Related: The Ransomware Threat in 2024 is Growing: Report

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.