Ransomware Attack on Yale Mortgage Funding LLC by Play Group

Overview

Yale Mortgage Funding LLC, a prominent mortgage lender based in Miami Beach, Florida, has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as Play. The attack was disclosed through the group's dark web leak site, indicating a serious breach of the company's digital security systems.

Company Profile

Founded in 1992, Yale Mortgage Funding LLC specializes in hard equity loans, particularly known for not requiring income or credit verification from its applicants. This approach has positioned them as the largest direct hard equity lender in Florida. The company operates with a workforce of 51-200 employees and is licensed under the National Mortgage Licensing System (NMLS ID 1026459).

Attack Details

The Play ransomware group, which leverages Linux-targeting ransomware derived from the Babuk code, has claimed responsibility for the attack. While the exact ransom demand has not been publicly disclosed, the breach has resulted in the theft of extensive sensitive data, including private client documents, financial records, payroll information, contracts, tax details, and personal identification documents.

Implications and Risks

The stolen data encompasses a wide array of confidential and critical information, posing significant risks to the privacy and financial security of Yale Mortgage Funding's clients and the company's operational integrity. The breach underscores the vulnerability of financial institutions, especially those like Yale Mortgage Funding that handle substantial personal and financial data.

Sources

• SentinelOne Labs - Hypervisor Ransomware: Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers
• Sophos News - Press and Pressure: Ransomware Gangs and the Media
• TechTarget - Definition of Ransomware
• UK Parliament Publications - National Security Strategy
• Checkpoint Cyber Hub - Ransomware
• Medium - APT73: Unveiling New Ransomware Group