Ransomware Attack Exposes Sensitive Data of Policy Administration Solutions

Incident Date: August 21, 2024

Overview

Victim: Policy Administration Solutions
Attacker: Play
Location: New York, USA
First Reported: August 21, 2024

Ransomware Attack on Policy Administration Solutions by Play Ransomware Group

Policy Administration Solutions (PAS), a specialized provider of automation solutions for the insurance industry, has recently fallen victim to a ransomware attack orchestrated by the Play ransomware group. The attack was first identified on August 21, and sensitive information was subsequently published on the dark web on August 26. The dark web post detailing the breach has garnered 308 views.

About Policy Administration Solutions

Founded in 1996 and headquartered in Manhasset, New York, PAS focuses on delivering advanced technology to insurance carriers, sureties, and large Managing General Agents (MGAs). The company offers a comprehensive suite of insurance policy administration software designed to streamline various business processes, including claims processing, policy management, and billing. PAS's solutions are built to accommodate the complexities of diverse insurance products, particularly in Property and Casualty (P&C) insurance.

What sets PAS apart is its configurability, allowing clients to tailor the software to meet specific business needs. The integration of artificial intelligence (AI) and API capabilities further enhances the adaptability of their solutions. The company employs a .NET MVC platform, ensuring stability and scalability, which are essential for handling the evolving demands of the insurance sector. PAS also provides consulting services, including training, documentation, and quality assurance.

Company Size and Revenue

PAS is a medium-sized company with 51-200 employees. Some sources specifically mention 56 employees. The company's revenue is reported to be in the range of "$1 Billion and Over," although this figure seems unusually high for a company of this size and may require further verification.

Attack Overview

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focused on Latin America, the group has expanded its operations to North America, South America, and Europe. The group targets a diverse range of industries, including IT, transportation, construction, materials, government entities, and critical infrastructure.

Play ransomware uses several methods to gain entry into a network, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and custom tools to enumerate all users and computers on a compromised network. The ransomware is executed via scheduled tasks and PsExec, and the group relies on the same mechanisms for persistence.
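Scheduled tasks and PsExec are the execution and persistence methods named above, and both leave standard Windows event-log traces. The following is an added Python example, not code from the page or the tracker, showing how a defender might flag them: the flattened "key=value" event format, host names, accounts and sample lines are constructed for the example, while the event IDs (System 7045 "a service was installed", Security 4698 "a scheduled task was created") and the default PSEXESVC service name are the standard Windows values.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample events (not real logs), one event per line.
SAMPLE_EVENTS = [
    'EventID=7045 Host=FS01 ServiceName=PSEXESVC ImagePath=%SystemRoot%\\PSEXESVC.exe Account=CORP\\svc-backup',
    'EventID=7045 Host=FS01 ServiceName=MSSQL$SQLEXPRESS ImagePath="C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe" Account=LocalSystem',
    'EventID=4698 Host=WS07 TaskName=\\Updater Command=C:\\Users\\Public\\upd.exe SubjectUser=CORP\\jdoe',
    'EventID=4698 Host=WS07 TaskName=\\Microsoft\\Windows\\Defrag\\ScheduledDefrag Command=%windir%\\system32\\defrag.exe SubjectUser=SYSTEM',
    'EventID=4624 Host=WS07 LogonType=10 SubjectUser=CORP\\jdoe',
]

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Locations a legitimate scheduled task binary rarely lives in (user-writable).
SUSPICIOUS_DIRS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "%temp%")

Finding = Tuple[str, str, str]  # (host, rule name, detail)


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flattened key=value event line into a dict; quoted values keep their spaces."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def check_event(ev: Dict[str, str]) -> List[Finding]:
    """Apply the two rules to a single parsed event and return any findings."""
    findings: List[Finding] = []
    host = ev.get("Host", "?")
    if ev.get("EventID") == "7045":
        # Rule 1: PsExec installs its service under the default name PSEXESVC.
        name = ev.get("ServiceName", "").lower()
        image = ev.get("ImagePath", "").lower()
        if name == "psexesvc" or image.endswith("psexesvc.exe"):
            findings.append((host, "psexec-service-install",
                             f"{ev.get('ServiceName')} by {ev.get('Account')}"))
    elif ev.get("EventID") == "4698":
        # Rule 2: a new scheduled task whose command runs from a user-writable path.
        if ev.get("Command", "").lower().startswith(SUSPICIOUS_DIRS):
            findings.append((host, "schtask-user-writable-path",
                             f"{ev.get('TaskName')} -> {ev.get('Command')}"))
    return findings


def scan(lines: List[str]) -> List[Finding]:
    """Run both rules over a batch of event lines and collect the findings."""
    out: List[Finding] = []
    for line in lines:
        out.extend(check_event(parse_event(line)))
    return out


if __name__ == "__main__":
    for host, rule, detail in scan(SAMPLE_EVENTS):
        print(f"[{rule}] {host}: {detail}")
```

On the constructed sample the scan flags the PSEXESVC install on FS01 and the \Updater task on WS07, and ignores the SQL Server service, the built-in Defrag task and the logon event.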

Penetration and Impact

The Play ransomware group distinguishes itself by not including an initial ransom demand or payment instructions in its ransom notes. Instead, victims are directed to contact the threat actors via email. The group has impacted over 300 entities, including businesses and critical infrastructure across multiple regions. The attack on PAS has compromised sensitive information, which has been published on the dark web.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.