Landmark Life Insurance Co Hit by Abyss Ransomware, Sensitive Data Compromised

Incident Date: June 27, 2024

Overview

Title: Landmark Life Insurance Co Hit by Abyss Ransomware, Sensitive Data Compromised

Victim: Landmark Life Insurance Co

Attacker: Abyss

Location: Houston, USA; Texas, USA

First Reported: June 27, 2024

Landmark Life Insurance Co Targeted by Abyss Ransomware Group

Overview of Landmark Life Insurance Co

Landmark Life Insurance Co, headquartered in Brownwood, Texas, specializes in providing life insurance products and services. The company offers term life, whole life, and universal life insurance options, designed to provide financial protection to beneficiaries upon the policyholder's death. Additional riders and benefits, such as accidental death benefits and critical illness coverage, allow for customized coverage. With a workforce of 11-50 employees, Landmark Life Insurance Co is known for personalized consultations, assistance with the application and underwriting process, and ongoing customer service, making it a notable player in the insurance sector.

Details of the Ransomware Attack

On May 13, 2024, Landmark Life Insurance Co was targeted by the Abyss ransomware group, resulting in the compromise of sensitive personal, medical, and insurance information. The stolen data includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account numbers, tax identification numbers, medical information, health insurance policy numbers, and life and annuity policy information. The company has begun notifying affected individuals and relevant authorities, including the Maine Attorney General's Office and Massachusetts’ Office of Consumer Affairs and Business Regulation. The full scope of the breach is still under investigation, and the number of impacted individuals has not yet been disclosed. Landmark Life Insurance Co has advised potentially affected individuals to monitor their account statements and credit reports for signs of unauthorized activity.

Profile of the Abyss Ransomware Group

The Abyss ransomware group, a multi-extortion operation that emerged in March 2023, primarily targets VMware ESXi environments. The group hosts a TOR-based website where it lists victims and exfiltrated data. Abyss Locker ransomware campaigns have targeted various industries, including finance, manufacturing, information technology, and healthcare, with a focus on the United States. Initial access often involves weak SSH configurations and SSH brute force attacks. For Linux systems, Abyss Locker payloads are derived from the Babuk codebase. Encrypted files are marked with the ".crypt" extension, and a ransom note with the .README_TO_RESTORE extension is placed in each folder that contains encrypted files.

Potential Vulnerabilities and Penetration Methods

Landmark Life Insurance Co may have been vulnerable due to weak SSH configurations and insufficiently secured remote access points. Outdated software and lack of regular system updates can also expose vulnerabilities. The Abyss ransomware group likely leveraged these weaknesses to penetrate the company's systems. This attack highlights the importance of robust cybersecurity measures, including strong password policies, multi-factor authentication, regular system updates, and comprehensive backup and disaster recovery processes. As the investigation continues, it is crucial for organizations to remain vigilant and proactive in their cybersecurity efforts to mitigate similar risks.
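
The SSH brute-force access path described above can be watched for in authentication logs. The following Python is an added example, not part of the original report or of any vendor's tooling: it flags source addresses with a burst of failed password attempts and, more importantly, any password login that later succeeds from such an address. The OpenSSH syslog line format, the function name `analyze`, the 5-failures-in-2-minutes threshold and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Jun 27 02:14:01 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 27 02:14:03 host1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Jun 27 02:14:05 host1 sshd[2105]: Failed password for root from 203.0.113.7 port 40116 ssh2
Jun 27 02:14:09 host1 sshd[2107]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jun 27 02:14:12 host1 sshd[2109]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jun 27 02:14:20 host1 sshd[2111]: Accepted password for root from 203.0.113.7 port 40122 ssh2
Jun 27 09:01:10 host1 sshd[3001]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jun 27 09:01:25 host1 sshd[3002]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def analyze(log_text, threshold=5, window=timedelta(minutes=2), year=2024):
    """Flag source IPs with >= threshold failures inside window, and record the
    first account that later logs in successfully from a flagged IP."""
    failures = defaultdict(list)   # ip -> timestamps of failures still in window
    findings = {}                  # ip -> {"login_after_burst": user or None}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # not an sshd password event
        # syslog omits the year, so the caller supplies it (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                findings.setdefault(ip, {"login_after_burst": None})
        elif ip in findings and findings[ip]["login_after_burst"] is None:
            # Password accepted from an address that was just guessing: treat
            # it as a likely compromised account, not a routine login.
            findings[ip]["login_after_burst"] = m["user"]
    return findings

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

A single mistyped password followed by a successful login, as in the second address of the sample, stays below the threshold and is not reported.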
