Landmark Life Insurance Co Hit by Abyss Ransomware, Sensitive Data Compromised

Incident Date: Jun 27, 2024

Attack Overview
VICTIM
Landmark Life Insurance Co
INDUSTRY
Insurance
LOCATION
USA
ATTACKER
Abyss
FIRST REPORTED
June 27, 2024

Landmark Life Insurance Co Targeted by Abyss Ransomware Group

Overview of Landmark Life Insurance Co

Landmark Life Insurance Co, headquartered in Brownwood, Texas, specializes in providing life insurance products and services. The company offers term life, whole life, and universal life insurance options, designed to provide financial protection to beneficiaries upon the policyholder's death. Additional riders and benefits, such as accidental death benefits and critical illness coverage, allow for customized coverage. With a workforce of 11-50 employees, Landmark Life Insurance Co is known for personalized consultations, assistance with the application and underwriting process, and ongoing customer service, making it a notable player in the insurance sector.

Details of the Ransomware Attack

On May 13, 2024, Landmark Life Insurance Co was targeted by the Abyss ransomware group, resulting in the compromise of sensitive personal, medical, and insurance information. The stolen data includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account numbers, tax identification numbers, medical information, health insurance policy numbers, and life and annuity policy information. The company has begun notifying affected individuals and relevant authorities, including the Maine Attorney General's Office and Massachusetts’ Office of Consumer Affairs and Business Regulation. The full scope of the breach is still under investigation, and the number of impacted individuals has not yet been disclosed. Landmark Life Insurance Co has advised potentially affected individuals to monitor their account statements and credit reports for signs of unauthorized activity.

Profile of the Abyss Ransomware Group

The Abyss ransomware group, a multi-extortion operation that emerged in March 2023, primarily targets VMware ESXi environments. Known for hosting a TOR-based website to list victims and exfiltrated data, Abyss Locker ransomware campaigns have targeted various industries, including finance, manufacturing, information technology, and healthcare, with a focus on the United States. Initial access often involves weak SSH configurations and SSH brute force attacks. For Linux systems, Abyss Locker payloads are derived from the Babuk codebase. Encrypted files are marked with the ".crypt" extension, and ransom notes are found in folders containing encrypted files with the .README_TO_RESTORE extension.

Potential Vulnerabilities and Penetration Methods

Landmark Life Insurance Co may have been vulnerable due to weak SSH configurations and insufficiently secured remote access points. Outdated software and lack of regular system updates can also expose vulnerabilities. The Abyss ransomware group likely leveraged these weaknesses to penetrate the company's systems. This attack highlights the importance of robust cybersecurity measures, including strong password policies, multi-factor authentication, regular system updates, and comprehensive backup and disaster recovery processes. As the investigation continues, it is crucial for organizations to remain vigilant and proactive in their cybersecurity efforts to mitigate similar risks.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.