Fidelity National Title Hacked and Held For Ransom 11/19/2023
How to Protect Your Organization from AlphV/BlackCat Ransomware
Ransomware attacks are becoming increasingly common and sophisticated, and AlphV/BlackCat is one of the most dangerous ransomware groups operating today (I posted this 11/22/2023).
This ransomware group has targeted a wide range of organizations, including businesses, government agencies, and healthcare providers. They were doing healthcare, then casinos, and now it looks like financial services: mortgage, title, banks, oh my. Citrix Bleed (CVE-2023-4966, a session-token disclosure bug in NetScaler ADC and Gateway) is one of the weaknesses they employed, and Fidelity Title was warned about this system vulnerability.
Citrix Bleed, also known to be leveraged by LockBit 3.0 affiliates, allows threat actors to bypass password requirements and multifactor authentication (MFA), leading to successful hijacking of legitimate user sessions on Citrix NetScaler web application delivery controller (ADC) and Gateway appliances. To be clear about what gets bypassed: it is not the little box that asks you to click all the boats or bikes (that is a CAPTCHA, and it was never the control at issue). The bug leaks a valid session token out of appliance memory, so the attacker picks up a session a real user has already authenticated, and the password and MFA prompts simply never fire for them. Patching alone does not evict those stolen sessions; every existing session has to be terminated after the upgrade or the leaked tokens keep working.
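As an added example (this is not code from the original post and not Citrix's own tooling), here is a small Python check for the two traces a hijacked NetScaler session leaves in AAA/SSLVPN syslog: the same SessionId seen from more than one client IP, and activity on a session after its LOGOUT was logged. The log lines are constructed for the example and only loosely follow the NetScaler layout; the field names and ordering in the regex are an assumption you would adjust to your own appliance's output.

```python
import re
from collections import defaultdict

# Constructed sample lines, loosely modelled on the NetScaler AAA/SSLVPN
# syslog layout. This is NOT a real capture from any appliance.
# Session 41 (alice) is "hijacked": a second client IP appears mid-session,
# and traffic continues after her LOGOUT. Session 42 (bob) is clean.
SAMPLE_LOG = """\
Nov 19 08:02:11 ns1 : default SSLVPN LOGIN 1001 0 : Context alice@corp.example - SessionId: 41- User alice - Client_ip 198.51.100.23 - Vserver 10.0.0.5:443
Nov 19 08:05:40 ns1 : default SSLVPN TCPCONNSTAT 1002 0 : Context alice@corp.example - SessionId: 41- User alice - Client_ip 198.51.100.23 - Vserver 10.0.0.5:443
Nov 19 08:30:00 ns1 : default SSLVPN LOGIN 1003 0 : Context bob@corp.example - SessionId: 42- User bob - Client_ip 192.0.2.9 - Vserver 10.0.0.5:443
Nov 19 08:45:12 ns1 : default SSLVPN TCPCONNSTAT 1004 0 : Context bob@corp.example - SessionId: 42- User bob - Client_ip 192.0.2.9 - Vserver 10.0.0.5:443
Nov 19 09:17:03 ns1 : default SSLVPN TCPCONNSTAT 1005 0 : Context alice@corp.example - SessionId: 41- User alice - Client_ip 203.0.113.77 - Vserver 10.0.0.5:443
Nov 19 10:00:00 ns1 : default SSLVPN LOGOUT 1006 0 : Context alice@corp.example - SessionId: 41- User alice - Client_ip 198.51.100.23 - Vserver 10.0.0.5:443
Nov 19 10:20:31 ns1 : default SSLVPN TCPCONNSTAT 1007 0 : Context alice@corp.example - SessionId: 41- User alice - Client_ip 203.0.113.77 - Vserver 10.0.0.5:443
"""

# Assumed field layout (adjust to your appliance): timestamp, host, event
# name after "SSLVPN", then "SessionId: N-", "User X", "Client_ip A.B.C.D".
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ : default SSLVPN "
    r"(?P<event>[A-Z_]+) .*?SessionId: (?P<sid>\d+)- User (?P<user>\S+) "
    r"- Client_ip (?P<ip>\d+(?:\.\d+){3})"
)


def parse_events(text):
    """Parse log text into a list of event dicts in log order.

    Lines that do not match the expected layout are skipped. The checks
    below assume the lines are in chronological order, as syslog normally is.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_multi_ip_sessions(events):
    """Return {session_id: {client_ips}} for sessions seen from more than one IP.

    A leaked session token replayed by an attacker shows up as a second
    client IP on a SessionId that a legitimate user logged in from.
    """
    ips = defaultdict(set)
    for e in events:
        ips[e["sid"]].add(e["ip"])
    return {sid: s for sid, s in ips.items() if len(s) > 1}


def find_post_logout_activity(events):
    """Return [(session_id, timestamp, client_ip)] for events on a session
    after that session's LOGOUT was recorded. The real user is gone, but
    whoever holds the stolen token is still using it."""
    logged_out = set()
    hits = []
    for e in events:
        if e["event"] == "LOGOUT":
            logged_out.add(e["sid"])
        elif e["sid"] in logged_out:
            hits.append((e["sid"], e["ts"], e["ip"]))
    return hits


def report(text):
    """Run both checks over raw log text and return the findings as a dict."""
    events = parse_events(text)
    return {
        "multi_ip_sessions": find_multi_ip_sessions(events),
        "post_logout_activity": find_post_logout_activity(events),
    }


if __name__ == "__main__":
    findings = report(SAMPLE_LOG)
    for sid, ips in findings["multi_ip_sessions"].items():
        print(f"SessionId {sid} used from multiple IPs: {sorted(ips)}")
    for sid, ts, ip in findings["post_logout_activity"]:
        print(f"SessionId {sid} still active at {ts} from {ip} after LOGOUT")
```

Feed it a syslog export (`report(open("ns.log").read())`) and treat any hit as a session to kill and a user whose credentials and endpoint need a look, not as proof of compromise on its own; a user hopping between Wi-Fi and cellular will also trip the first rule, which is why the post-logout check is the stronger signal.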
Fifteen years ago title work was done on paper in metal file cabinets, with a runner to the county recorder's office. Will this instill a lack of confidence that returns us to the dark ages? Digital has risks. Borrowers still today have earnest money deposit (EMD) funds wired to the title company's bank and held in suspense. Some funded loans will also need to be backed out because they didn't record. Borrowers will incur additional costs, lenders will have to re-disclose the extension fees, and this is still a big mess.
Fidelity is not commenting, and competitors are also silent. The stock price is holding.
They have been known to demand millions of dollars in ransom payments, and they often steal sensitive data before encrypting it.
What is AlphV/BlackCat Ransomware?
AlphV/BlackCat is a type of ransomware that encrypts an organization's files and demands a ransom payment in exchange for the decryption key. The ransomware group is known for its use of sophisticated attack methods, and they are constantly evolving their tactics to evade detection.
How Does AlphV/BlackCat Ransomware Work?
AlphV/BlackCat ransomware typically gains initial access to an organization's network through phishing emails or social engineering attacks, or, as with Citrix Bleed above, by exploiting an unpatched internet-facing remote-access appliance. Once the operators are inside the network, they spread to other computers, steal data, and encrypt files. The ransomware group then demands a ransom payment in exchange for the decryption key and for not publishing the stolen data.
How to Protect Your Organization from AlphV/BlackCat Ransomware
There are a number of things that organizations can do to protect themselves from AlphV/BlackCat ransomware. These include:
- Educating employees about ransomware: Employees are often the first line of defense against ransomware attacks. It is important to educate employees about the dangers of ransomware and how to identify and avoid phishing emails and social engineering attacks.
- Implementing strong security controls: Organizations should implement strong security controls, such as firewalls, intrusion detection systems, and endpoint security software. These controls can help to prevent ransomware from gaining access to the network.
- Patching software vulnerabilities: Software vulnerabilities can be exploited by ransomware attackers to gain access to systems. Organizations should patch software vulnerabilities promptly, starting with anything internet-facing (the Citrix Bleed case above is exactly this), and for a session-leak bug like that one, terminate all existing sessions after patching so the stolen tokens stop working.
- Backing up data regularly: Organizations should back up their data regularly and store the backups offline or in immutable cloud storage that a compromised account cannot delete, and they should test a restore now and then. This will allow them to restore their data in the event of a ransomware attack.
- Having a ransomware incident response plan: Organizations should have a ransomware incident response plan in place so that they know what to do in the event of an attack. The plan should include steps for isolating the affected systems, eradicating the ransomware, and restoring data from backups.
- Have core contact
Additional Tips for Avoiding AlphV/BlackCat Ransomware
In addition to the steps above, organizations can also take the following steps to avoid AlphV/BlackCat ransomware:
- Use strong passwords and enable multi-factor authentication (MFA): Strong passwords and MFA can help to prevent unauthorized access to systems. Keep in mind that a bug like Citrix Bleed hands the attacker an already-authenticated session, so MFA on the login page is not the whole story.
- Segment the network: Segmenting the network can make it more difficult for ransomware to spread.
- Disable remote desktop protocol (RDP) unless it is absolutely necessary: RDP is a common attack vector for ransomware, and it should never be exposed directly to the internet.
- Monitor network activity for suspicious behavior: Organizations should monitor network activity for suspicious behavior that could indicate a ransomware attack, such as a VPN session that suddenly continues from a new IP address.
- Train employees about advanced phishing attacks: these bad guys can now convincingly impersonate co-workers and clone legitimate websites.
By taking these steps, organizations can significantly reduce their risk of being attacked by AlphV/BlackCat ransomware.
Update 12/21/2023: some EMD accounts and wired funds are still held up on closing transactions.
The FBI took down ONE OF AlphV/BlackCat's websites on 12/19/2023: https://therecord.media/alphv-black-cat-ransomware-takedown-fbi
AlphV/BlackCat blames Fidelity for employing Google's Mandiant unit. They stated that the intention is to ruin any company in their way. AlphV/BlackCat says it can access every Fidelity Title client's information in the cloud. Your bank account is not safe. Google Ads seems to be disrupted.
Notice none of this is in our news media? Competitor title companies refuse to make any public comments.
Class action lawsuits were filed 12/20 against Fidelity, and five more in a related case against Mr. Cooper.
Lock down your bank accounts. DO NOT open attachments.