Ransomware Attack on Yale Mortgage Funding LLC: Play Group Claims Responsibility
Incident Date:
April 26, 2024
Overview
Title
Ransomware Attack on Yale Mortgage Funding LLC: Play Group Claims Responsibility
Victim
Yale Mortgage Funding LLC.
Attacker
Play
Location
First Reported
April 26, 2024
Ransomware Attack on Yale Mortgage Funding LLC by Play Group
Overview
Yale Mortgage Funding LLC, a prominent mortgage lender based in Miami Beach, Florida, has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as Play. The attack was disclosed through the group's dark web leak site, indicating a serious breach of the company's digital security systems.
Company Profile
Founded in 1992, Yale Mortgage Funding LLC specializes in hard equity loans, particularly known for not requiring income or credit verification from its applicants. This approach has positioned them as the largest direct hard equity lender in Florida. The company operates with a workforce of 51-200 employees and is licensed under the National Mortgage Licensing System (NMLS ID 1026459).
Attack Details
The Play ransomware group, which leverages Linux-targeting ransomware derived from the Babuk code, has claimed responsibility for the attack. While the exact ransom demand has not been publicly disclosed, the breach has resulted in the theft of extensive sensitive data, including private client documents, financial records, payroll information, contracts, tax details, and personal identification documents.
Implications and Risks
The stolen data encompasses a wide array of confidential and critical information, posing significant risks to the privacy and financial security of Yale Mortgage Funding's clients and the company's operational integrity. The breach underscores the vulnerability of financial institutions, especially those like Yale Mortgage Funding that handle substantial personal and financial data.
Sources
- SentinelOne Labs - Hypervisor Ransomware: Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers
- Sophos News - Press and Pressure: Ransomware Gangs and the Media
- TechTarget - Definition of Ransomware
- UK Parliament Publications - National Security Strategy
- Checkpoint Cyber Hub - Ransomware
- Medium - APT73: Unveiling New Ransomware Group
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.