Calvert Home Mortgage Faces Ransomware Threat from Qilin

Incident Date: Nov 22, 2024

Attack Overview

VICTIM

Calvert Home Mortgage Investment

INDUSTRY

Finance

LOCATION

Canada

ATTACKER

Qilin

FIRST REPORTED

November 22, 2024

Request Removal

Ransomware Attack on Calvert Home Mortgage by Qilin: A Cybersecurity Analysis

Calvert Home Mortgage, a boutique private lender based in Alberta, fell victim to a ransomware attack on November 22, 2024. The attack, orchestrated by the Qilin ransomware group, resulted in the leak of 300GB of sensitive data from the company's systems. Founded in 1975, Calvert Home Mortgage is known for its fast, flexible, and value-based lending options tailored to mortgage brokers, homeowners, and real estate investors in the region.

Company Overview

Calvert Home Mortgage stands out in the industry for its personalized service, innovative lending products, and commitment to customer satisfaction. The company's focus on providing tailored financial solutions has made it a trusted name in the mortgage sector within Alberta. However, this customer-centric approach may have made them a target for threat actors seeking to exploit vulnerabilities in their systems.

Attack Overview

The ransomware attack by Qilin on Calvert Home Mortgage involved the encryption of critical files and the exfiltration of sensitive data. The threat actor demanded a ransom for the decryption key and threatened to leak the stolen information on their dark web leak site if the payment was not made. The attack disrupted the company's operations and potentially compromised the privacy and security of their clients.

Qilin Ransomware Group

Qilin, also known as Agenda, is a Ransomware-as-a-Service (RaaS) group that emerged in July 2022. The group distinguishes itself through its double extortion tactics, advanced encryption algorithms, and cross-platform adaptability. Qilin recruits affiliates from underground forums, likely connected to Russian-speaking threat actors, and targets large enterprises across various sectors, including finance, healthcare, and manufacturing.

Penetration of Company Systems

Qilin likely penetrated Calvert Home Mortgage's systems through spear phishing emails containing malicious links or attachments. The group may have also exploited vulnerabilities in Citrix ADC, RDP, or VMware ESXi to gain initial access. Once inside the network, Qilin used tools like PsExec and Cobalt Strike for lateral movement, maintaining persistence through scheduled tasks and boot scripts.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.