SenSayQ Ransomware Disrupts Premium Broking House Operations

Incident Date:

June 18, 2024

World map

Overview

Title

SenSayQ Ransomware Disrupts Premium Broking House Operations

Victim

Premium Broking House

Attacker

SenSayQ

Location

Dekwaneh, Lebanon

, Lebanon

First Reported

June 18, 2024

Ransomware Attack on Premium Broking House by SenSayQ

Company Profile: Premium Broking House

Premium Broking House, established in 2012 in Lebanon, operates as a boutique international reinsurance brokerage firm. With a specialized focus on the MENA region, GCC countries, Africa, Eastern and Western Europe, the firm offers tailored reinsurance support and consultancy services. Their expertise spans across various lines including marine cargo, political risks, and international treaty reinsurance. Despite its small size with an annual revenue of $1 million and a workforce of 17 employees, the firm stands out due to its deep-rooted experience and personalized service approach in the reinsurance sector.

Overview of the Attack

The Sensayq ransomware group, known for its double-extortion tactics, has recently targeted Premium Broking House, leading to significant operational disruptions. This attack marks the continuation of the group's pattern of targeting firms within the financial sectors, exploiting vulnerabilities in their security systems to exfiltrate and encrypt data.

Details on SenSayQ Ransomware Group

SenSayQ emerged in the cyber threat landscape in mid-2024, quickly distinguishing itself by employing a Lockbit variant for encryption. The group's modus operandi involves not only encrypting the victim's files but also stealing data, followed by demands for ransom through notes left in the system. Their approach pressures the victims to respond within a set timeframe to prevent the public release of the stolen data.

Potential Vulnerabilities and Entry Points

Given the nature of Premium Broking House’s operations and its digital presence, the firm's cybersecurity measures might not have been robust enough to ward off advanced persistent threats like those posed by SenSayQ. The specific entry point for the ransomware could have been through phishing attacks, unsecured networks, or exploitation of software vulnerabilities, common tactics used by cybercriminals to infiltrate small to medium-sized enterprises.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.