Academy Mortgage Cyber Attack Claimed By Blackcat Ransomware

BlackCat Ransomware Claims Academy Mortgage Cyber Attack
The ALPHV ransomware group targeted the US mortgage company and listed it among its latest victims.
by Vishwa Pandagle, May 15, 2023, in Data Breach News, Firewall Daily
The ALPHV/BlackCat ransomware group has allegedly targeted the Utah-based mortgage company Academy Mortgage.

The official website of Academy Mortgage was functional at the time of writing. The alleged Academy Mortgage cyber attack was not confirmed by the company.

Academy Mortgage cyber attack
Cybersecurity analyst Dominic Alvieri tweeted about the Academy Mortgage cyber attack along with the following screenshot.

Photo: Dominic Alvieri/ Twitter
“It is crucial that you understand the gravity of the situation and cooperate with us to resolve this discretely,” read the text shared by Alvieri.


In a post on its leak site, the ALPHV ransomware group claimed the Academy Mortgage cyber attack. The post stated that the hacker collective holds 26 attachments/files stolen in the ransomware attack on the company.

The Cyber Express has reached out to the company to confirm the Academy Mortgage cyber attack; however, we are yet to receive a reply.

The Academy Mortgage Corporation
The mortgage company paid $38.5 million to settle a lawsuit over allegations of violating the False Claims Act.

The company was accused of improperly underwriting mortgages insured by the Federal Housing Administration (FHA), a Department of Justice news release read.

The lawsuit against the company now embroiled in the ransomware attack was filed by a former Academy underwriter, Gwen Thrower, acting as a whistleblower.

“Under the terms of the settlement, Academy will pay $38,500,000 to the United States. Thrower will receive $11,511,500 as her share of the settlement proceeds,” the news release dated December 14, 2022, further read.

In 2022, Matt DeVico, the Chief Information Security Officer (CISO) of the Academy Mortgage Corporation, received an award from Cyber Defense Magazine for being among the top global CISOs.

Academy Mortgage cyber attack and BlackCat ransomware group
Besides claiming the Academy Mortgage cyber attack, the BlackCat ransomware group was in the media and listed among the top eight cybercrime groups active last weekend.

According to a tweet from Sofia Scozzari, CEO & Founder of the cybersecurity firm Hackmanac, ALPHV topped the list along with BlackByte, Akira, LockBit and more.

Among the most targeted countries last week were the United States of America, Sweden, Libya, the United Kingdom, and Germany.

(Photo: HHS)
However, in the past year, the group heavily targeted the USA, Canada, Australia, and the UK, among other nations.

Growing threat of the BlackCat ransomware group
The United States Department of Health and Human Services published a report warning about the BlackCat ransomware group. The report highlighted the impact of the group's cyberattacks on the healthcare sector of the United States.

(Photo: HHS)
The group often gains access to systems by exploiting unpatched and vulnerable software, as shown above, or by obtaining login credentials.

The BlackCat ransomware was found to be capable of infiltrating the following operating systems:

• Windows 7 to 11, as well as Server 2008r2, 2012, 2016, 2019, 2022 (XP and 2003 can be encrypted over Server Message Block)
• ESXi (at least versions 5.5, 6.5, 7.0.2u)
• Debian (at least versions 7, 8 and 9)
• Ubuntu (at least versions 18.04 and 20.04)
• ReadyNAS
• Synology

Hence, it is important to keep systems updated to their latest versions to avoid exploitation through a vulnerability.

The ALPHV/BlackCat ransomware gang is the first known group to use ransomware written in Rust.

Once the malware gains access, it compromises Active Directory user and administrator accounts. It then uses Windows Task Scheduler to deploy ransomware through malicious Group Policy Objects (GPOs) that have been configured via PowerShell scripts and Cobalt Strike.
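
A defender-side check for the GPO-deployed scheduled tasks described above, as an added example that is not from the article or the HHS report: it audits a Group Policy Preferences `ScheduledTasks.xml` file, as stored under a GPO's folder in SYSVOL, and flags tasks that combine risky traits. The XML layout, the sample policy, all names and paths, and the two-signal threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed GPP ScheduledTasks.xml layout (clsid/uid omitted).
SAMPLE_XML = r"""<ScheduledTasks>
  <ImmediateTaskV2 name="InventoryScan" changed="2023-05-10 02:14:07">
    <Properties action="C" name="InventoryScan" runAs="NT AUTHORITY\System">
      <Task version="1.3"><Actions><Exec>
        <Command>\\corp.example\SYSVOL\corp.example\scripts\scan.exe</Command>
      </Exec></Actions></Task>
    </Properties>
  </ImmediateTaskV2>
  <TaskV2 name="DiskCleanup" changed="2021-01-04 09:00:00">
    <Properties action="U" name="DiskCleanup" runAs="CORP\svc-maint">
      <Task version="1.2"><Actions><Exec>
        <Command>C:\Windows\System32\cleanmgr.exe</Command>
      </Exec></Actions></Task>
    </Properties>
  </TaskV2>
</ScheduledTasks>"""

SYSTEM_NAMES = {"nt authority\\system", "system", "s-1-5-18"}
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "wscript", "cscript", "mshta", "rundll32")


def audit_gpo_tasks(xml_text):
    """Return (task name, reasons) for each GPO-deployed task worth a review."""
    findings = []
    for item in ET.fromstring(xml_text):
        props = item.find("Properties")
        if props is None:
            continue
        run_as = (props.get("runAs") or "").lower()
        # V2 tasks carry the action in <Exec>; legacy ones in the appName attribute.
        cmd = (props.findtext(".//Exec/Command") or props.get("appName") or "").strip().lower()
        reasons = []
        if item.tag.startswith("Immediate"):
            reasons.append("immediate task (runs at next policy refresh)")
        if run_as in SYSTEM_NAMES:
            reasons.append("runs as SYSTEM")
        if cmd.startswith("\\\\"):
            reasons.append("binary loaded from a network path")
        if any(h in cmd for h in SCRIPT_HOSTS):
            reasons.append("script host or interpreter")
        if len(reasons) >= 2:  # one signal alone is common in benign policies
            findings.append((props.get("name") or item.get("name"), reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit_gpo_tasks(SAMPLE_XML):
        print(name, "->", "; ".join(reasons))
```

Run against each GPO's task file on a schedule and compare the output with a known-good baseline, so that a newly added or changed task stands out.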