ALPHV ransomware says it was behind attacks on loanDepot, Prudential Financial

Lock on Laptop Screen
(Image credit: (Image credit: Future)

The infamous ALPHV ransomware operator (also known as BlackCat) has added two companies to its data leak site - Prudential Financial, and loanDepot, in a seeming admission it was behind the attacks on both companies.

So far, the group has only added the names to its site, with the actual data not yet available. 

Apparently, the negotiations with Prudential Financial broke down, so the group will publish its database for free. As for loanDepot, the group plans on selling it to the highest bidder, BleepingComputer reported.

Large bounty for ALPHV

For loanDepot, news of a data breach first emerged in early January 2023, when the company said it experienced a “cyber incident” without revealing its nature or origin. Later that month, it confirmed more than 16 million people being affected by what was confirmed to be a ransomware assault. 

Prudential Financial filed an 8-K form with the U.S. Securities and Exchange Commission (SEC) last week detailing the attack. The company is still investigating the incident, but its latest conclusion was that no sensitive customer or client data were taken. Prudential is one of the world’s largest financial services companies, with more than 40,000 employees and more than $50 billion in annual revenue.

The news comes shortly after the U.S. State Department offered up to $10 million in information that could lead to the identification or location of ALPHV leaders - with an additional $5 million for information on those who participated (or tried to) in ALPHV ransomware attacks.

ALPHV is one of the most active, and most popular, ransomware groups, next to the likes of LockBit, or Cl0p. It was first observed in late 2021, possibly after the merging of DarkSide and BlackMatter. It is believed that during its lifetime, ALPHV and its affiliates extorted hundreds of millions of dollars from its victims.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.