Ransomware gang Rhysida is demanding 10 BTC ($595,000 at time of writing) for data it says it stole from Olympus Financial, a mortgage broker in Miami, Florida.
On July 31, Olympus Financial notified (PDF) victims of a data breach that compromised names, Social Security numbers, banking details, contact information, addresses, and dates of birth.
Rhysida is now taking bids from third parties for the data, which could indicate that negotiations with Olympus Financial fell through.
Olympus has not verified Rhysida’s claim. We do not yet know whether it did/will pay a ransom, or how attackers breached its network.
The notice from Olympus states, “Our document management system consisted of two locations. The first was an on-site database and the second was an off-site database through a vendor we use to store client information. The onsite database was accessed by an unauthorized third party and that party encrypted the files in June of 2024.”
The company has not disclosed how many people are impacted by the breach. Comparitech contacted Olympus Financial for comment and will update this article if it responds.
Olympus’ notice does not mention offering free credit monitoring or identity theft protection to victims, which is the status quo for data breaches involving Social Security numbers.
Who is Rhysida?
Rhysida is thought to have ties to the ransomware group Vice Society and first originated in May 2023. The group claimed 53 confirmed ransomware attacks since then, affecting about 3.5 million records. Its average ransom is $1.03 million.
In 2024 so far, Rhysida claimed 12 confirmed attacks, including a large breach at Ann & Robert H. Lurie Children’s Hospital of Chicago, which compromised 792,000 records.
Comparitech has logged another 38 unconfirmed attacks claimed by Rhysida.
Ransomware attacks on US finance
Ransomware attacks can both steal data and encrypt target computer systems, allowing the attacker to extort victims twice: once to restore systems and again in exchange for not selling or publicly releasing stolen data. Attacks on tax preparers puts clients at risk of identity theft and tax fraud. The encryption can disrupt operations, causing delays and data loss.
Comparitech researchers tracked 24 confirmed ransomware attacks on US financial companies so far in 2024, affecting 27,462,676 records. Some of the biggest breaches in the finance sector include those on LoanDepot (16.9 million records) and Evolve Bank and Trust (7.6 million records).
The average ransom for US financial businesses is about $1.3 million.
We recorded another 79 unconfirmed ransomware attacks on the US financial sector so far in 2024.
About Olympus Financial
Olympus Financial is a mortgage broker in Miami, Florida (note: a few other companies exist with the same name). According to its website, it has six employees and was founded in 2023.