My home warranty company was affected by a cyberattack on their parent company last month, and ALPHV (BlackCat), a known Ransomware as a Service (RaaS) provider, has claimed responsibility.
For anyone not familiar with the term Ransomware as a Service: Yes, this is a real, multi-billion-dollar cybercrime industry of skilled ransomware developers who build, market, and maintain cutting-edge, customizable ransomware that they sell to other hackers. This means that pretty much any hacker can get their hands on up-to-date and sophisticated ransomware they can use against any target they wish. The ransomware product can be sold as a monthly subscription, a one-time purchase, or other models, such as profit sharing (where the developers get a significant percentage of each ransom).
This is something every company should be aware of and actively protecting against. It’s so important to ensure that you are always in compliance with your cybersecurity insurance and have a cybersecurity-knowledgeable attorney you can call in the event of a cyber incident!
Fidelity National Financial provides title insurance and escrow services. When the attack hit, they blocked access to certain systems, even calling the event a ‘catastrophe’ on one of their recorded messages. (From this TechCrunch blog: “For those of you impacted by the recent catastrophe, we hope you and your family are safe. We are here to help you and your family return to normal.”) It just so happened that I needed HVAC heating repair services from their child company, Fidelity National Home Warranty; however, in the wake of the outage (which FNF said was contained as of Nov 26th), I still haven’t had my HVAC fixed – and it’s been over a month without heat! (Don’t worry, I bought some of those small radiators so my pipes don’t freeze in the meantime.)
Cybersecurity Analyst Dominic Alvieri posted this image on X showing ALPHV’s response from their official site on the dark web.

ALPHV/BlackCat came on the scene in 2021. It’s known for posting samples of real data stolen from targets as proof of their ransom. They typically demand a ransom of several million dollars payable in Bitcoin. They employ numerous tactics, and consistently release ‘variants’ (a.k.a. the BlackCat RaaS product plus modifications/customizations or updates) to keep things fresh.
However, according to this Bloomberg Law news article, FNF is being sued over failure to protect its customers’ personal information through such things as encryption and reasonable data security measures required by the FTC. Was my personal information stolen during the attack? Maybe. Who knows. Oopsie Daisy FNF – all this coming on the heels of litigation earlier this year for illegal ‘no poach’ agreements which hurt workers. Yet another reason why I now use the phrase ‘legal hacking’ instead of ‘ethical hacking’ when referring to consensual legal cybersecurity research and pen testing. You tell me which is worse: RaaS operators and affiliates or corporations with this kind of rap? Maybe it’s best not to try to answer that question, and instead use this time to go make sure you’ve got frequent backups, endpoint protection, phishing/social engineering training, a patch program and 2FA in place.
~ Cas V.