Academy Mortgage Cyber Attack Claimed By Blackcat Ransomware


ALPHV/BlackCat ransomware group has allegedly targeted the Utah-based mortgage company Academy Mortgage.

The official website of Academy Mortgage was functional at the time of writing. The alleged Academy Mortgage cyber attack was not confirmed by the company.

Academy Mortgage cyber attack

Cybersecurity analyst Dominic Alvieri tweeted about the Academy Mortgage cyber attack along with the following screenshot.

(Image: screenshot of the alleged Academy Mortgage cyber attack. Photo: Dominic Alvieri/Twitter)

“It is crucial that you understand the gravity of the situation and cooperate with us to resolve this discretely,” read the text shared by Alvieri.

In a post on its leak site, the ALPHV ransomware group claimed the Academy Mortgage cyber attack. The post stated that the group holds 26 files stolen during the ransomware attack on the company.

The Cyber Express has reached out to the company to confirm the Academy Mortgage cyber attack; however, we are yet to receive a reply.

The Academy Mortgage Corporation

The mortgage company paid $38.5 million to settle a lawsuit alleging violations of the False Claims Act.

The company was accused of improperly underwriting mortgages insured by the Federal Housing Administration (FHA), a Department of Justice news release read.

The lawsuit against the company now embroiled in the ransomware attack was filed by Gwen Thrower, a former Academy underwriter, as a whistleblower.

“Under the terms of the settlement, Academy will pay $38,500,000 to the United States. Thrower will receive $11,511,500 as her share of the settlement proceeds,” the news release dated December 14, 2022, further read.

In 2022, Matt DeVico, the Chief Information Security Officer (CISO) of the Academy Mortgage Corporation, was named one of the top global CISOs by Cyber Defense Magazine.

Academy Mortgage cyber attack and BlackCat ransomware group

Besides claiming the Academy Mortgage cyber attack, the BlackCat ransomware group was in the news for being listed among the top eight cybercrime groups active last weekend.

According to a tweet from Sofia Scozzari, CEO and founder of the cybersecurity firm Hackmanac, ALPHV topped the list alongside BlackByte, Akira, LockBit and others.

The most targeted countries last week were the United States of America, Sweden, Libya, the United Kingdom, and Germany.

(Image: Academy Mortgage cyber attack. Photo: HHS)

Over the past year, however, the group most heavily targeted the USA, Canada, Australia, and the UK, among other nations.

Growing threat of the BlackCat ransomware group

The United States Department of Health and Human Services (HHS) published an alert on the BlackCat ransomware group. The report highlighted the impact of the group's cyberattacks on the healthcare sector of the United States.

(Image: Academy Mortgage cyber attack. Photo: HHS)

The group typically gains initial access by exploiting unpatched, vulnerable software, as shown in the HHS graphic above, or by obtaining valid login credentials.

The BlackCat ransomware was found to be capable of targeting the following operating systems:

• Windows 7 to 11, as well as Server 2008 R2, 2012, 2016, 2019 and 2022 (XP and 2003 can be encrypted over Server Message Block)
• ESXi (at least versions 5.5, 6.5, 7.0.2u)
• Debian (at least versions 7, 8 and 9)
• Ubuntu (at least versions 18.04 and 20.04)
• ReadyNAS
• Synology

Hence it is important to keep systems updated to their latest versions to avoid exploitation through a known vulnerability.

The ALPHV/BlackCat ransomware gang is the first known group to use ransomware written in Rust.

Once inside the network, the attackers compromise Active Directory user and administrator accounts, then use Windows Task Scheduler to deploy the ransomware through malicious Group Policy Objects (GPOs) configured via PowerShell scripts and Cobalt Strike.

The ransomware also disables security features within the victim’s network.
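The GPO-plus-Task-Scheduler deployment described above leaves a concrete artifact a defender can audit: Group Policy Preferences store pushed scheduled tasks as `ScheduledTasks.xml` under the GPO's `Machine\Preferences\ScheduledTasks` folder in SYSVOL. The following script is an added example, not code from the article or from HHS, that parses such a file and flags task definitions matching the pattern in the text (an interpreter such as `powershell.exe` launched with hidden or encoded arguments, or a binary run from a network share or user-writable path, especially as SYSTEM). The XML layout is the Group Policy Preferences `TaskV2` schema as understood by the author; the sample file, task names and detection heuristics are constructed for illustration.

```python
"""Audit Group Policy Preferences ScheduledTasks.xml for risky task definitions.

Added example (not from the article or any vendor tool). The sample XML below is
constructed; the heuristics are illustrative assumptions, not an official signature.
"""
import re
import xml.etree.ElementTree as ET

# Interpreters commonly abused to stage payloads via scheduled tasks (assumption).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Argument fragments typical of hidden/encoded/bypass invocations (assumption).
SUSPICIOUS_ARGS = re.compile(
    r"(?i)(-enc\w*|-e\s|-nop\b|-w(indowstyle)?\s*hidden|bypass|downloadstring|\biex\b)")
# Network shares and user-writable locations a pushed binary should not live in.
RISKY_PATHS = re.compile(
    r"(?i)^(\\\\|[a-z]:\\(users\\public|windows\\temp|programdata|temp)\\)")

# Constructed ScheduledTasks.xml with one benign and two risky task definitions.
SAMPLE_SCHEDULED_TASKS_XML = """
<ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}">
  <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" name="Inventory Agent">
    <Properties action="C" name="Inventory Agent" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.2"><Actions Context="Author"><Exec>
        <Command>C:\\Program Files\\Inventory\\agent.exe</Command>
        <Arguments>--report</Arguments>
      </Exec></Actions></Task>
    </Properties>
  </TaskV2>
  <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" name="Windows Update Helper">
    <Properties action="C" name="Windows Update Helper" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.2"><Actions Context="Author"><Exec>
        <Command>%SystemRoot%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</Command>
        <Arguments>-nop -w hidden -enc BASE64_PLACEHOLDER</Arguments>
      </Exec></Actions></Task>
    </Properties>
  </TaskV2>
  <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" name="Share Updater">
    <Properties action="C" name="Share Updater" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.2"><Actions Context="Author"><Exec>
        <Command>\\\\fileserver\\share\\updater.exe</Command>
        <Arguments>/silent</Arguments>
      </Exec></Actions></Task>
    </Properties>
  </TaskV2>
</ScheduledTasks>
"""


def parse_gpp_scheduled_tasks(xml_text):
    """Return a list of {name, run_as, command, arguments} for each task element."""
    root = ET.fromstring(xml_text)
    tasks = []
    for node in root:
        props = node.find("Properties")
        if props is None:
            continue
        # Legacy <Task> elements carry appName/args attributes; TaskV2 nests an Exec block.
        command, arguments = props.get("appName", ""), props.get("args", "")
        exec_node = props.find("./Task/Actions/Exec")
        if exec_node is not None:
            command = (exec_node.findtext("Command") or "").strip()
            arguments = (exec_node.findtext("Arguments") or "").strip()
        tasks.append({"name": node.get("name", ""), "run_as": props.get("runAs", ""),
                      "command": command, "arguments": arguments})
    return tasks


def task_findings(task):
    """Return the list of reasons a task looks risky (empty list means clean)."""
    findings = []
    exe = task["command"].replace("/", "\\").split("\\")[-1].lower()
    if exe in INTERPRETERS and SUSPICIOUS_ARGS.search(task["arguments"]):
        findings.append("interpreter launched with hidden/encoded/bypass arguments")
    if RISKY_PATHS.match(task["command"]):
        findings.append("executable located on a network share or user-writable path")
    if findings and "system" in task["run_as"].lower():
        findings.append("runs as SYSTEM")
    return findings


def scan_scheduled_tasks(xml_text):
    """Map task name -> findings for every task that triggers at least one heuristic."""
    return {t["name"]: task_findings(t) for t in parse_gpp_scheduled_tasks(xml_text)
            if task_findings(t)}


if __name__ == "__main__":
    for name, reasons in scan_scheduled_tasks(SAMPLE_SCHEDULED_TASKS_XML).items():
        print(f"[FLAG] {name}: {'; '.join(reasons)}")
```

In practice the script would be pointed at each `ScheduledTasks.xml` found under `\\<domain>\SYSVOL\<domain>\Policies\`, and a hit should be correlated with GPO modification events (Security event 5136 on groupPolicyContainer objects) and scheduled-task creation events (Security event 4698) on the endpoints that applied the policy, since a freshly created GPO pushing a hidden PowerShell task from a share matches the deployment pattern the text describes.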
