ALPHV ransomware claims loanDepot, Prudential Financial breaches
The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. [...]
Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being likely exploited in Akira ransomware attacks
Also: Polish Prime Minister Says Previous Administration Deployed Pegasus SpywareThis week, the Zeus leader pleaded guilty, Prudential detected hackers, U.S. telecoms have to report breaches, Microsoft patched zero-days, researchers said Chinese threat intel is faulty, ransomware hit Romanian healthcare entities, Juniper was breached and Poland allegedly previously used Pegasus.
The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. [...]
The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors. [...]
The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. [...]
Researchers See Waning Mystique, Use of Ghost Groups, Breach Tricks, Trauma of WarWhile overall ransomware profits might remain high, many of the remaining or rebooted top-tier groups are "really struggling" with scarce talent, trauma from the Russia-Ukraine war and repeated disruptions by law enforcement, say researchers from threat intelligence firm RedSense.
Threat actors first infected the Hipocrate Information System with a variant of the Phobos ransomware family — and then it spread across the nation's healthcare organizations.
Emergency impacting more than 100 facilities appears to be caused by incident at software provider The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider.…
Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. [...]
Black Basta ransomware claimed responsibility, but the company says its investigation is ongoing.
Gang going after critical infrastructure because it's...you know Canada's Trans-Northern Pipelines has allegedly been breached by the ALPHV/BlackCat ransomware crew, which claims to have stolen 190 GB of data from the oil distributor.…
UK utilities firm Southern Water has informed 5-10% of its customer base that their personal data has been accessed following a ransomware attack in January
An attack on a technology partner claimed by LockBit ransomware exposed sensitive information, including Social Security numbers, of more than 57,000 banking customers.
Great news for victims of gang that hit the British Library in October Some smart folks have found a way to automatically unscramble documents encrypted by the Rhysida ransomware, and used that know-how to produce and release a handy recovery tool for victims.…
Emergency Services Are Suspended as Digital Systems Are Pulled OfflineRansomware operators disrupted emergency healthcare services over the weekend, crippling operations in nearly two dozen hospitals in Romania and France. Ransomware attacks increase the in-hospital mortality rate for already-admitted patients, a recent study concluded.
The move by the State Department complements a Hive infrastructure takedown by international law enforcement.
Pulls part of system offline as Black Basta docs suggest the worst Willis Lease Finance Corporation has admitted to US regulators that it fell prey to a "cybersecurity incident" after data purportedly stolen from the biz was posted to the Black Basta ransomware group's leak blog.…
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free. [...]