Ransomware Attack Hits Belgian Insurer P&V Verzekeringen
Incident Date:
September 9, 2024
Overview
Title
Ransomware Attack Hits Belgian Insurer P&V Verzekeringen
Victim
P&V Verzekeringen
Attacker
Killsec
Location
First Reported
September 9, 2024
Ransomware Attack on P&V Verzekeringen by KillSecurity
P&V Verzekeringen, a cooperative insurance provider based in Belgium, has recently fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group KillSecurity. The attack was disclosed on September 10, 2024, and has raised significant concerns about data security within the insurance sector.
About P&V Verzekeringen
Established in 1907, P&V Verzekeringen is a prominent cooperative insurance company headquartered in Brussels, Belgium. The company offers a wide range of insurance products, including auto, home, health, and life insurance, tailored to both individual and business needs. P&V is known for its community-oriented approach, emphasizing customer service and accessibility through a network of over 160 local advisors. The company employs approximately 1,129 individuals and is part of the larger P&V Group, which has around 1,700 employees in total.
Attack Overview
The ransomware attack on P&V Verzekeringen was executed by KillSecurity, a group known for targeting various industries and countries. According to the threat actors, they compromised a third-party provider and exfiltrated data related to SaaS enterprise clients. The exact size of the data leak remains unknown, but the implications for P&V's operations and customer data are potentially severe.
About KillSecurity
KillSecurity, also known as KillSec, is a ransomware group that has been active in targeting sectors such as government, manufacturing, defense, professional services, banking, and finance. The group uses a variety of communication channels, including Telegram, Session Messenger, and Tox, and demands extortion amounts ranging from 1,500 EUR to 10,000 EUR. KillSecurity is known for its sophisticated tactics and the use of Monero (XMR) cryptocurrency for transactions, making it difficult to trace their activities.
Vulnerabilities and Penetration
P&V Verzekeringen's reliance on third-party providers for SaaS solutions appears to have been a critical vulnerability exploited by KillSecurity. The attack underscores the importance of third-party risk management and the need for comprehensive cybersecurity measures to protect sensitive data. The exact method of penetration remains unclear, but it is likely that the attackers used phishing or other social engineering techniques to gain initial access.
Implications for P&V Verzekeringen
The ransomware attack on P&V Verzekeringen highlights the growing threat of cyberattacks in the insurance sector. As a company that prides itself on customer service and community engagement, the potential exposure of sensitive customer data could have significant reputational and financial repercussions. P&V will need to take immediate steps to mitigate the impact of the attack and strengthen its cybersecurity posture to prevent future incidents.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.