Ransomware Attack on Quálitas México: 5.5 TB Data Breach

Incident Date: September 1, 2024

Overview

Victim: Quálitas México

Attacker: Hunters International

Location: Ciudad de México, Mexico

First Reported: September 1, 2024

Ransomware Attack on Quálitas México by Hunters International

Quálitas México, a leading automotive insurance provider, has recently fallen victim to a ransomware attack orchestrated by the Hunters International group. The attackers claim to have exfiltrated 5.5 TB of data, posing significant risks to the company's operations and the security of its clients' information.

About Quálitas México

Quálitas Compañía de Seguros, S.A.B. de C.V., commonly known as Quálitas, is a prominent Mexican insurance company specializing in automotive insurance. Established in 1993, the company has grown to become the market leader in Mexico's automotive insurance sector. Quálitas operates 165 branches across Mexico and has expanded internationally with subsidiaries in El Salvador, Costa Rica, and the United States. The company employs approximately 5,650 people and works with over 20,000 insurance agents, providing comprehensive coverage for personal cars, trucks, public transport vehicles, and motorcycles.

Attack Overview

The ransomware group Hunters International has claimed responsibility for the attack on Quálitas México. The group announced the breach on their dark web leak site, stating that they had infiltrated the company's systems and accessed 5.5 TB of data. The extent of the compromised data and the potential ransom demands remain critical concerns for Quálitas as they navigate this cyber crisis.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains significant overlap with Hive's, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Vulnerabilities

While the exact method of penetration used by Hunters International in the Quálitas attack is not publicly disclosed, the group's tactics often involve exploiting vulnerabilities in network security, phishing attacks, and leveraging stolen credentials. Quálitas' extensive use of online services and mobile applications, such as Q-Móvil, may have presented potential entry points for the attackers. The company's reliance on a decentralized network of independent insurance agents could also pose additional security challenges.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.