November 25, 2024

National mortgage lender LoanDepot declined to comment on claims by the ransomware group ALPHV/Blackcat that it was behind a cyberattack that the lender admitted compromised the personal lives of 16.6 million people. Information is exposed to “unauthorized third parties.”

When it disclosed the cyberattack on January 8, loanDepot declined to provide more specific information about the exact time the security breach occurred or whether the company had received a ransom demand.

But on Friday, February 16, ALPHV/Blackcat claimed responsibility for cyberattacks on LoanDepot and Prudential Financial, complaining on a dark website that neither company had complied with its demands.

according to registerThe ransomware group claims that loanDepot negotiators initially offered to pay $6 million to release the company’s data, an offer the group later viewed as a delaying tactic.

ALPHV/Blackcat reportedly posted this message on their dark web page: “They (loanDepot) offered $6 million for the data and decryptor, but they said if we wait for the weekend, they may get a significant markup — This is a tactic used by negotiators.” Another IT news site, Red envelope security. “At the end of the weekend, they disappear.”

A spokesperson for LoanDepot declined to comment on the group’s claims, but said in an email to Inman, “We are 100% back up and running and have been for weeks.”

On Monday, January 22, loanDepot was at Network event update page It is still working to restore its loan origination and loan servicing systems. A LoanDepot spokesman said the company’s systems were fully restored later this week.

The company has previously stated that its Loan Servicing PortalThe tool homeowners use to make their monthly mortgage payments came back online on January 18 “with some limited functionality” and became fully operational the next day.

this MyloanDepot Customer Portal for online loan application and status tracking, Merlo House’s website (which connects pre-approved home buyers with partner real estate agents) and loanDepot HELOC Customer Portal It was reported to be back online on January 18th.

Two of the nation’s largest title insurance companies, Fidelity National Financial and First American Financial, shut down their systems after similar security breaches in November and December. Mortgage servicing giant Mr. Cooper notified nearly 15 million past and current customers in December that their personal information may have been exposed in a data breach in October.

According to the FBI, ALPHV/Blackcat and its affiliates were compromised More than 1,000 companies and government entities, and received nearly $300 million in ransom payments.

The FBI developed a decryption tool and provided it to victims to help recover their systems, saving dozens of victims from ransom demands totaling approximately $99 million. ” Announces up to $15 million Reward aimed at stopping the group.

The Department of State is offering a reward of up to $10 million for information leading to the identification or location of anyone in key leadership positions within the ALPHV/Blackcat organization, and a reward of up to $5 million for information leading to the arrest or conviction of anyone involved. .Ransomware attacks using ALPHV/Blackcat variants.

The U.S. Department of Justice said in a statement that the ALPHV/Blackcat group uses a “ransomware-as-a-service model,” in which developers create ransomware and affiliates identify and attack “high-value victim organizations.” Press Release December 19.

“Black cat actors have compromised computer networks in the United States and around the world,” the Justice Department said. “The ransomware variants caused disruptions that impacted critical U.S. infrastructure — including government facilities, emergency services, defense industrial base companies, critical manufacturing, health care and public health facilities — as well as other companies, government entities and schools.”

Ministry of Justice announced on tuesday It disrupted the operations of another ransomware group, LockBit, which worked with international law enforcement partners to seize public-facing websites and servers it allegedly used to extort victims. Two Russian nationals were indicted and charged with assaulting multiple U.S. and international victims.

The FBI and the UK’s National Crime Agency (NCA) cyber unit have Develop decryption capabilities Recover systems affected by variants of the LockBit ransomware and encourage victims to contact the FBI to determine if their systems can be recovered.

Get Inman’s mortgage newsletter delivered straight to your inbox. A weekly digest of all the biggest news in mortgages and settlements around the world is published every Wednesday. Click here to subscribe.

Email Matt Carter