alphv attacks Triten Insurance

Incident Date:

September 14, 2022

World map



alphv attacks Triten Insurance


Triten Insurance




Blountville, USA

Tennesse, USA

First Reported

September 14, 2022

Triten Insurance Targeted by Alphv Ransomware Group

Triten Insurance, a company specializing in auto, home, business, commercial, life & health insurance, employee benefits, and Medicare related insurance products, has been targeted by the ransomware group Alphv. The attack was announced on the group's dark web leak site, indicating that the victim's website has been compromised.

Alphv, also known as BlackCat or Noberus, is a ransomware family that operates as part of Ransomware as a Service (RaaS) operations. The group is known for its highly configurable Rust-driven ransomware, which attempts to evade detection by disabling Windows Defender and removing Microsoft Security Essentials.

Triten Insurance is based in Blountville, Tennessee, and serves customers in Northeast Tennessee and Southwest Virginia, including cities like Bristol, Kingsport, and Johnson City. The company was formed through the merger of Hagerty Hyler Insurance and the Business Insurance Group in 2007.

The attack on Triten Insurance is part of a broader trend of ransomware groups evolving their tactics to include DDoS attacks, contacting victims' customers and partners, and short selling victims' stocks to increase pressure on the victims to pay the ransom.

To mitigate the risks of ransomware attacks, organizations should conduct regular cybersecurity drills, build incident response plans, and implement business contingency plans to minimize the impact on operations. It is also recommended not to pay the ransom, as it supports the operation of ransomware gangs.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.