Ransomware Attack on Laxmi Capital Market by Kill Security
Incident Date:
May 16, 2024
Overview
Title
Ransomware Attack on Laxmi Capital Market by Kill Security
Victim
Laxmi Capital Market
Attacker
Killsec
Location
First Reported
May 16, 2024
Ransomware Attack on Laxmi Capital Market by Kill Security
Victim Overview
Laxmi Capital Market Limited, a financial services company based in Nepal, was targeted by a ransomware attack conducted by the cybercriminal group known as Kill Security. The company offers services such as stock broking, merchant banking, portfolio management, and investment advisory services.
Company Size and Standout Features
The company operates independently under professional management with strategic support from the Board and the parent company, Laxmi Bank Limited. The company's standout feature is its comprehensive range of services, including merchant banking, investment banking, and financial solutions.
Attack Details
The ransomware attack on Laxmi Capital Market involved the cybercriminals demanding a ransom of $10,000. The attackers stole various types of data, including source code, databases, SSL certificates, and personally identifiable information (PII). A sample of the compromised data was leaked, and a ransom deadline was set for May 31, 2024.
Ransomware Group: Kill Security
Kill Security is a relatively new ransomware group that primarily conducts ransomware attacks targeting industries such as government, manufacturing, defense, professional services, and banking and finance. The group distinguishes itself by demanding ransom payments ranging from 1,500 EUR to 10,000 EUR and using various communication channels for extortion.
Company Vulnerabilities
The financial company's vulnerabilities in being targeted by threat actors may include inadequate cybersecurity measures, lack of robust data protection protocols, and potential gaps in network security that allowed the ransomware group to penetrate the company's systems.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.