Ransomware Attack Compromises DVV Verzekeringen and Belfius Data
Incident Date:
September 5, 2024
Overview
Title
Ransomware Attack Compromises DVV Verzekeringen and Belfius Data
Victim
DVV Verzekeringen
Attacker
Killsec
Location
First Reported
September 5, 2024
Ransomware Attack on DVV Verzekeringen by KillSec
DVV Verzekeringen, a prominent Belgian insurance company, has recently fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group KillSec. This incident has compromised sensitive data from both DVV and Belfius, another major financial institution.
About DVV Verzekeringen
DVV Verzekeringen, established in 1929, is a leading insurance provider in Belgium, specializing in both life and non-life insurance products. The company operates under a customer-centric philosophy, emphasizing personalized service tailored to individual needs. With a network of over 346 offices across Belgium, DVV employs approximately 157 people, although some sources suggest a range of 501-1000 employees. The company generates around $6.9 million annually and has been recognized among the World's Best Insurance Firms for Homeowners and Life insurance categories by Forbes.
Attack Overview
The ransomware attack on DVV Verzekeringen has led to the compromise of sensitive data, including customer names, addresses, and login details. The data leak also affected Belfius, although their systems were not directly breached. The breach occurred through an external partner, Penbox, which is no longer associated with either company. Belfius has assured that their current systems remain secure and that no sensitive customer information has been encrypted.
About KillSec
KillSec is a ransomware group that emerged in 2021, known for its sophisticated cybercriminal activities. The group is aligned with the hacktivist movement and engages in various cyber activities, including data breaches and ransomware attacks. In 2024, KillSec launched a Ransomware-as-a-Service (RaaS) platform, enabling users to deploy ransomware attacks with minimal technical skills. The group demands ransom payments in Monero (XMR), a privacy-focused cryptocurrency, complicating tracking efforts by law enforcement.
Penetration Methods
KillSec employs various tactics to penetrate systems, including exploiting website vulnerabilities and credential theft. The group's operations are characterized by a high level of sophistication, utilizing tools that ensure anonymity and efficiency. The attack on DVV Verzekeringen likely involved exploiting vulnerabilities in the systems of their external partner, Penbox, leading to the data breach.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.