SenSayQ Ransomware Disrupts Premium Broking House Operations

Incident Date: Jun 18, 2024

Attack Overview
VICTIM
Premium Broking House
INDUSTRY
Insurance
LOCATION
Lebanon
ATTACKER
SenSayQ
FIRST REPORTED
June 18, 2024

Ransomware Attack on Premium Broking House by SenSayQ

Company Profile: Premium Broking House

Premium Broking House, established in 2012 in Lebanon, operates as a boutique international reinsurance brokerage firm. With a specialized focus on the MENA region, GCC countries, Africa, Eastern and Western Europe, the firm offers tailored reinsurance support and consultancy services. Their expertise spans across various lines including marine cargo, political risks, and international treaty reinsurance. Despite its small size with an annual revenue of $1 million and a workforce of 17 employees, the firm stands out due to its deep-rooted experience and personalized service approach in the reinsurance sector.

Overview of the Attack

The Sensayq ransomware group, known for its double-extortion tactics, has recently targeted Premium Broking House, leading to significant operational disruptions. This attack marks the continuation of the group's pattern of targeting firms within the financial sectors, exploiting vulnerabilities in their security systems to exfiltrate and encrypt data.

Details on SenSayQ Ransomware Group

SenSayQ emerged in the cyber threat landscape in mid-2024, quickly distinguishing itself by employing a Lockbit variant for encryption. The group's modus operandi involves not only encrypting the victim's files but also stealing data, followed by demands for ransom through notes left in the system. Their approach pressures the victims to respond within a set timeframe to prevent the public release of the stolen data.

Potential Vulnerabilities and Entry Points

Given the nature of Premium Broking House’s operations and its digital presence, the firm's cybersecurity measures might not have been robust enough to ward off advanced persistent threats like those posed by SenSayQ. The specific entry point for the ransomware could have been through phishing attacks, unsecured networks, or exploitation of software vulnerabilities, common tactics used by cybercriminals to infiltrate small to medium-sized enterprises.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.