KillSec Ransomware Hits Belgian Brokerage Schyns Assurances

Incident Date:

September 9, 2024

World map

Overview

Title

KillSec Ransomware Hits Belgian Brokerage Schyns Assurances

Victim

Schyns Assurances & Finances

Attacker

Killsec

Location

Herve, Belgium

, Belgium

First Reported

September 9, 2024

Ransomware Attack on Schyns Assurances & Finances by KillSec

Schyns Assurances & Finances, a brokerage firm based in Battice, Belgium, has recently fallen victim to a ransomware attack orchestrated by the notorious hacking group KillSec. The attack was publicly claimed by KillSec on their dark web leak site, where they asserted that they had successfully breached a third-party provider associated with Schyns Assurances & Finances.

About Schyns Assurances & Finances

Schyns Assurances & Finances is a well-established brokerage firm with over 40 years of experience in the insurance and financial services industry. The company operates under the registered name Schyns Assurances SA and is identified by the company number 0439.630.724. With a team of approximately 10 employees, the firm offers a range of services including insurance brokerage, financial consulting, and personalized advisory services. Their expertise spans various types of insurance products such as life, property, and health insurance, as well as wealth management and savings strategies.

What sets Schyns Assurances & Finances apart in the Belgian market is their commitment to building long-term relationships with clients, characterized by trust and transparency. They act as intermediaries between clients and insurance providers, ensuring that clients receive the best possible coverage options tailored to their unique circumstances.

Attack Overview

The ransomware attack on Schyns Assurances & Finances was executed by KillSec, a group known for targeting various industries and countries. According to KillSec, they managed to exfiltrate sensitive data related to the company's SaaS enterprise clients. The breach highlights the vulnerabilities that even well-established firms can face, particularly when relying on third-party providers for critical services.

About KillSec

KillSec, also known as Kill Security, is a ransomware group that has been active in targeting multiple sectors including government, manufacturing, defense, professional services, banking, and finance. The group is known for its extensive targeting and significant extortion amounts, which can range from 1,500 EUR to 10,000 EUR. KillSec uses a variety of communication channels such as Telegram, Session Messenger, and Tox, and prefers Monero (XMR) cryptocurrency for transactions.

KillSec distinguishes itself through its sophisticated attack methods and the use of multiple communication channels and crypto wallets. The group is tracked and monitored by various cybersecurity platforms, including ID Ransomware and Ransom-DB. Recent activity indicates that KillSec continues to be a significant threat to organizations across different industries.

Penetration Methods

While the exact methods used by KillSec to penetrate Schyns Assurances & Finances' systems are not fully disclosed, it is likely that the group exploited vulnerabilities in the third-party provider's security infrastructure. This breach underscores the importance of robust cybersecurity measures and the need for continuous monitoring and assessment of third-party risks.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.