Meow Ransomware Hits All Parks Insurance, Steals 90GB of Data
Incident Date:
August 26, 2024
Overview
Title
Meow Ransomware Hits All Parks Insurance, Steals 90GB of Data
Victim
All Parks Insurance
Attacker
Meow
Location
First Reported
August 26, 2024
Meow Ransomware Group Targets All Parks Insurance in Devastating Cyber Attack
All Parks Insurance, a specialized underwriting agency based in Australia, has become the latest victim of a ransomware attack orchestrated by the notorious Meow ransomware group. The attack has resulted in the exfiltration of 90 gigabytes of sensitive data, including employee information, client details, and financial records.
About All Parks Insurance
Established in May 2011, All Parks Insurance focuses on providing tailored insurance solutions for caravan parks, camping grounds, holiday villages, and home estates across Australia. The company, founded by Julie Pernecker, stands out in the industry due to its comprehensive and custom-designed insurance policies that address the unique risks faced by operators in these sectors. Their offerings include coverage for accidental damage, malicious damage, catastrophe escalation costs, and seasonal variations in risk.
Details of the Ransomware Attack
The Meow ransomware group has listed All Parks Insurance on their dark web leak site, claiming to have stolen 90 gigabytes of data. The compromised information includes employee data, client information, scanned payment documents, and personal details such as dates of birth and driver’s license scans. Financial records and policy details for several clients were also exfiltrated. To substantiate their claims, Meow has shared several documents, including commission prepayment details for numerous caravan parks, Greenslip policy documents, and tax file number declarations.
Rather than issuing a ransom demand, the Meow group is selling the stolen data outright. They are offering the data for US$20,000 to a single buyer or US$10,000 to multiple buyers, with transactions facilitated through encrypted communication platforms like Telegram, Jabber, Tox, or Matrix.
About the Meow Ransomware Group
Meow Ransomware emerged in late 2022 and is associated with the Conti v2 ransomware variant. The group resurfaced in late 2023 and has been highly active since then. They primarily target industries with sensitive data, such as healthcare and medical research, and have been known to post victim data on their leak site if the ransom is not paid. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.
Potential Vulnerabilities
All Parks Insurance, like many companies in the insurance sector, handles a significant amount of sensitive data, making it an attractive target for ransomware groups. The company's reliance on digital records and the potential for vulnerabilities in their cybersecurity infrastructure could have facilitated the Meow group's penetration of their systems. The attack underscores the critical need for advanced cybersecurity measures in the insurance and tourism sectors.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.