11/22/2023

Hacking Fidelity Title



Fidelity National Title Hacked and Held For Ransom 11/19/2023


How to Protect Your Organization from AlphV/BlackCat Ransomware

Ransomware attacks are becoming increasingly common and sophisticated, and AlphV/BlackCat is one of the most dangerous ransomware groups operating today (I posted this 11/22/2023).

This ransomware group has targeted a wide range of organizations, including businesses, government agencies, and healthcare providers. They were doing healthcare, then casinos, now it looks like financial services: mortgage, title, banks, oh my. Citrix Bleed is one of the weaknesses they employed. Fidelity Title was warned about this system vulnerability.

Citrix Bleed, known to be leveraged by LockBit 3.0 affiliates, allows threat actors to bypass password requirements and multifactor authentication (MFA), leading to successful session hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances. You know the little box that asks you to check all the boats or bikes? It bypasses this with ease.

Fifteen years ago title work was done on paper in metal file cabinets, with a runner to the county recorder's office. Will this instill a lack of confidence that returns us to the dark ages? Digital has risks. Borrowers still today have EMD funds wired to the title company's bank held in suspense. Also, some funded loans will need to be backed out as they didn't record. Borrowers will incur additional costs, lenders will re-disclose the extension fees, and this is still a big mess.

Fidelity is not commenting and competitors are also silent. Stock price is holding.

They have been known to demand millions of dollars in ransom payments, and they often steal sensitive data before encrypting it.

What is AlphV/BlackCat Ransomware?

 

AlphV/BlackCat is a type of ransomware that encrypts an organization's files and demands a ransom payment in exchange for the decryption key. The ransomware group is known for its use of sophisticated attack methods, and they are constantly evolving their tactics to evade detection.

How Does AlphV/BlackCat Ransomware Work?

AlphV/BlackCat ransomware typically gains access to an organization's network through phishing emails or social engineering attacks. Once the ransomware is inside the network, it spreads to other computers and encrypts files. The ransomware group then demands a ransom payment in exchange for the decryption key.

How to Protect Your Organization from AlphV/BlackCat Ransomware

There are a number of things that organizations can do to protect themselves from AlphV/BlackCat ransomware. These include:

  • Educating employees about ransomware: Employees are often the first line of defense against ransomware attacks. It is important to educate employees about the dangers of ransomware and how to identify and avoid phishing emails and social engineering attacks.
  • Implementing strong security controls: Organizations should implement strong security controls, such as firewalls, intrusion detection systems, and endpoint security software. These controls can help to prevent ransomware from gaining access to the network.
  • Patching software vulnerabilities: Software vulnerabilities can be exploited by ransomware attackers to gain access to systems. Organizations should patch software vulnerabilities promptly.
  • Backing up data regularly: Organizations should back up their data regularly and store the backups offline or in a secure cloud storage location. This will allow them to restore their data in the event of a ransomware attack.
  • Having a ransomware incident response plan: Organizations should have a ransomware incident response plan in place so that they know what to do in the event of an attack. The plan should include steps for isolating the affected systems, eradicating the ransomware, and restoring data from backups.
  • Have core contact

Additional Tips for Avoiding AlphV/BlackCat Ransomware

In addition to the steps above, organizations can also take the following steps to avoid AlphV/BlackCat ransomware:

  • Use strong passwords and enable multi-factor authentication (MFA): Strong passwords and MFA can help to prevent unauthorized access to systems.
  • Segment the network: Segmenting the network can make it more difficult for ransomware to spread.
  • Disable remote desktop protocol (RDP) unless it is absolutely necessary: RDP is a common attack vector for ransomware.
  • Monitor network activity for suspicious behavior: Organizations should monitor network activity for suspicious behavior that could indicate a ransomware attack.
  • Train employees about advanced phishing attacks: these bad guys can now duplicate and replicate co-workers and websites.

By taking these steps, organizations can significantly reduce their risk of being attacked by AlphV/BlackCat ransomware.
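The monitoring tip above matters most for the session hijacking described earlier: a stolen session has already passed MFA, so the check has to look at how each session is used after login. The following is an added example, not from the original post; the log format, field names and sample lines are constructed for illustration and are not NetScaler's actual log format.

```python
import re

# Constructed sample lines in a made-up key=value format (NOT a real NetScaler
# log format); map your own gateway/ADC session logs onto these fields.
SAMPLE_LOG = """\
2023-11-20T14:02:11Z session=a1f3 user=jdoe src=10.1.4.23 event=LOGIN mfa=ok
2023-11-20T14:05:40Z session=a1f3 user=jdoe src=10.1.4.23 event=REQUEST
2023-11-20T14:07:02Z session=b7c9 user=asmith src=10.1.8.77 event=LOGIN mfa=ok
2023-11-20T14:09:15Z session=a1f3 user=jdoe src=203.0.113.50 event=REQUEST
2023-11-20T14:11:30Z session=b7c9 user=asmith src=10.1.8.77 event=REQUEST
2023-11-20T14:12:48Z session=d4e2 user=mlee src=198.51.100.9 event=REQUEST
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) session=(?P<sid>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) event=(?P<event>\S+)"
)

def find_suspect_sessions(log_text):
    """Flag sessions used from a new IP after login, or never seen logging in."""
    login_ip = {}    # session id -> source IP that completed login + MFA
    seen = set()     # (session, reason, src) already alerted on
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # ignore lines outside the format
        sid, src = m["sid"], m["src"]
        if m["event"] == "LOGIN":
            login_ip[sid] = src           # remember where MFA was satisfied
            continue
        if sid not in login_ip:
            reason = "no_login_seen"      # session active without a login record
        elif src != login_ip[sid]:
            reason = "ip_changed"         # same session, different client
        else:
            continue
        if (sid, reason, src) not in seen:
            seen.add((sid, reason, src))
            alerts.append({"session": sid, "user": m["user"], "src": src,
                           "reason": reason, "first_seen": m["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_sessions(SAMPLE_LOG):
        print(alert)
```

Treat the output as triage leads: a roaming laptop or VPN reconnect also changes IP, and a log window that starts mid-session produces `no_login_seen` for legitimate users.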

Update 12/21/2023: some EMD accounts and wired accounts are still held up on closing transactions.

FBI took down ONE OF AlphV/BlackCat's websites 12/19/2023: https://therecord.media/alphv-black-cat-ransomware-takedown-fbi

AlphV/BlackCat blames Fidelity for employing Google's Mandiant Unit. They stated the intention is to ruin any company in their way. AlphV/BlackCat can access every Fidelity Title client's information in the cloud. Your bank account is not safe. Google Ads seems to be disrupted.

Notice none of this is in our news media? Competitor Title Companies refuse to make any public comments.

Class action lawsuits were filed 12/20 against Fidelity, and five in the related case with Mr. Cooper.


Lock down your bank accounts. DO NOT open attachments.