The notorious ransomware group known as BlackCat and Alphv has taken credit for the recently disclosed cyberattacks impacting financial giants LoanDepot and Prudential Financial.
The two companies were named on the BlackCat leak website on Friday, February 16, and, based on the messages published by the hackers, both companies have refused to pay a ransom.
In the case of mortgage and non-mortgage lending firm LoanDepot, it had been known that the company was targeted in a ransomware attack, but insurance, retirement and investment firm Prudential Financial had not shared too much information on the type of cyberattack, except to say that it was conducted by a cybercrime group.
When it disclosed the incident, Prudential Financial said the attackers accessed administrative and user data, as well as user accounts associated with employees and contractors. It said there had been no evidence of customer or client data theft.
In a post published on its leak website on Friday, the BlackCat ransomware gang claimed it still had access to Prudential systems. The cybercriminals claimed they had been looking into selling the data, but said they might also release it for free “so journalists can investigate financial wrongdoing”.
As for LoanDepot, the company confirmed in January that a ransomware attack resulted in a data breach impacting 16.6 million people.
The cybercrime group said on Friday that it’s in the process of selling the stolen LoanDepot data, which allegedly includes more information than what was mentioned in the company’s breach notification.
BlackCat was targeted in a law enforcement operation in late 2023 and had its main leak website seized. The US government also released a decryption tool to help some of the impacted organizations recover data without paying a ransom.
However, the ransomware group did not appear discouraged, setting up a new leak website and telling affiliates that there would no longer be any limitation on the types of organizations they could target.
The US last week announced a reward of up to $10 million for information on the BlackCat group’s leaders and up to $5 million for any affiliate.
It remains to be seen if the cybercriminals keep the BlackCat brand alive or if they migrate to a new operation.
Related: Ransomware Attack Knocks 100 Romanian Hospitals Offline
Related: Ransomware Payments Surpassed $1 Billion in 2023: Analysis