Marcus & Millichap, a publicly traded real estate investment corporation, became the victim of a recent cyberattack that may have been the work of the BlackMatter ransomware group, according to a malware sample discovered on Hatching Triage.
In an 8-K filing with the SEC on Monday, the company said that it “had been subject to a cybersecurity attack on its information technology systems.” Marcus & Millichap stated that there was no indication of a data leak and the attack is not categorized as a ransomware attack.
The filing stated, “[Marcus & Millichap] immediately engaged cybersecurity experts to secure and restore all essential systems and was able to do so with no material disruption to its business.”
“The Company’s investigation of the attack is ongoing; however, at this time there is no evidence of any material risk or misuse relating to personal information.”
A BlackMatter ransomware sample found on Hatching Triage by Valéry Marchive of TechTarget sister site LeMagIT displayed a ransom message that indicated a link between the sample and Marcus & Millichap.
Although the ransomware gang does not specifically mention Marcus & Millichap, it does mention systems connected to the domain “mmreibc.prv,” which is very similar to a site owned by the firm, mmreibc.com.
A Malwarebytes forum post from 2010 contains a user's question with a list of documents that includes both the mmreibc.prv domain and two clear links to Marcus & Millichap. Last year, a Microsoft community post made clear references to both the company and mmreibc.prv.
The note reads, “If you are not going to contact us in the next 3 days, we will prepare your data for the publications. Your personal company info will be leaked and will be in the news. This will lead to a fall of your stock.”
The ransomware note further claimed that 500 GB of data had been stolen.
Because the ransom negotiation chat site has been locked, the status of any prospective ransom settlement between the victim and BlackMatter is unclear.
According to the company’s 8-K filing, Marcus & Millichap carries cyber insurance, which it believes will cover most of the costs connected to this attack.
SearchSecurity reached out to Marcus & Millichap for comment on whether the event was a BlackMatter ransomware attack or whether the firm paid the threat actors a ransom. A spokesperson issued the following statement:
“Marcus & Millichap’s 8-K filing stands on its own and best provides the context of what occurred and how we responded to a cyberattack. In keeping with our tradition of placing the highest priority on corporate systems, client service and agent and originator support, we immediately deployed all necessary resources to respond to the incident. As mentioned in the filing, we were able to restore all essential systems and at present, there is no interruption to our business.”
The BlackMatter ransomware group first surfaced in July. At that point, security intelligence provider Flashpoint stated that the threat actor resembled ransomware giants REvil and DarkSide and was aiming for large-scale victims.