Ransomware Attack on Laxmi Capital Market by Kill Security

Incident Date: May 16, 2024


Overview

Title: Ransomware Attack on Laxmi Capital Market by Kill Security

Victim: Laxmi Capital Market

Attacker: Killsec

Location: Kathmandu, Nepal

First Reported: May 16, 2024


Victim Overview

Laxmi Capital Market Limited, a financial services company based in Nepal, was targeted by a ransomware attack conducted by the cybercriminal group known as Kill Security. The company offers services such as stock broking, merchant banking, portfolio management, and investment advisory services.

Company Size and Standout Features

The company operates independently under professional management with strategic support from the Board and the parent company, Laxmi Bank Limited. The company's standout feature is its comprehensive range of services, including merchant banking, investment banking, and financial solutions.

Attack Details

In the ransomware attack on Laxmi Capital Market, the attackers demanded a ransom of $10,000. They stole several types of data, including source code, databases, SSL certificates, and personally identifiable information (PII). A sample of the compromised data was leaked, and a ransom deadline was set for May 31, 2024.

Ransomware Group: Kill Security

Kill Security is a relatively new ransomware group that primarily conducts ransomware attacks targeting industries such as government, manufacturing, defense, professional services, and banking and finance. The group distinguishes itself by demanding ransom payments ranging from 1,500 EUR to 10,000 EUR and using various communication channels for extortion.

Company Vulnerabilities

Weaknesses that may have exposed the company to this attack include inadequate cybersecurity measures, a lack of robust data protection protocols, and potential gaps in network security that allowed the ransomware group to penetrate the company's systems.
