alphv attacks Triten Insurance
Incident Date: September 14, 2022
Overview
Title: alphv attacks Triten Insurance
Victim: Triten Insurance
Attacker: Alphv
Location:
First Reported: September 14, 2022
Triten Insurance Targeted by Alphv Ransomware Group
Triten Insurance, a company specializing in auto, home, business, commercial, life and health insurance, employee benefits, and Medicare-related insurance products, has been targeted by the ransomware group Alphv. The attack was announced on the group's dark web leak site, indicating that the victim's website has been compromised.
Alphv, also known as BlackCat or Noberus, is a ransomware family that operates under a Ransomware-as-a-Service (RaaS) model. The group is known for its highly configurable Rust-driven ransomware, which attempts to evade detection by disabling Windows Defender and removing Microsoft Security Essentials.
Triten Insurance is based in Blountville, Tennessee, and serves customers in Northeast Tennessee and Southwest Virginia, including cities like Bristol, Kingsport, and Johnson City. The company was formed through the merger of Hagerty Hyler Insurance and the Business Insurance Group in 2007.
The attack on Triten Insurance is part of a broader trend in which ransomware groups extend their tactics to include DDoS attacks, contacting victims' customers and partners, and short selling victims' stocks, all to increase pressure on victims to pay the ransom.
To mitigate the risks of ransomware attacks, organizations should conduct regular cybersecurity drills, build incident response plans, and implement business contingency plans to minimize the impact on operations. It is also recommended not to pay the ransom, as payment supports the operation of ransomware gangs.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful both financially and informationally.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.