Ransomware Attack on Schyns Assurances & Finances by KillSec

Schyns Assurances & Finances, a brokerage firm based in Battice, Belgium, has recently fallen victim to a ransomware attack orchestrated by the notorious hacking group KillSec. The attack was publicly claimed by KillSec on their dark web leak site, where they asserted that they had successfully breached a third-party provider associated with Schyns Assurances & Finances.

About Schyns Assurances & Finances

Schyns Assurances & Finances is a well-established brokerage firm with over 40 years of experience in the insurance and financial services industry. The company operates under the registered name Schyns Assurances SA and is identified by the company number 0439.630.724. With a team of approximately 10 employees, the firm offers a range of services including insurance brokerage, financial consulting, and personalized advisory services. Their expertise spans various types of insurance products such as life, property, and health insurance, as well as wealth management and savings strategies.

What sets Schyns Assurances & Finances apart in the Belgian market is their commitment to building long-term relationships with clients, characterized by trust and transparency. They act as intermediaries between clients and insurance providers, ensuring that clients receive the best possible coverage options tailored to their unique circumstances.

Attack Overview

The ransomware attack on Schyns Assurances & Finances was executed by KillSec, a group known for targeting various industries and countries. According to KillSec, they managed to exfiltrate sensitive data related to the company's SaaS enterprise clients. The breach highlights the vulnerabilities that even well-established firms can face, particularly when relying on third-party providers for critical services.

About KillSec

KillSec, also known as Kill Security, is a ransomware group that has been active in targeting multiple sectors including government, manufacturing, defense, professional services, banking, and finance. The group is known for its extensive targeting and significant extortion amounts, which can range from 1,500 EUR to 10,000 EUR. KillSec uses a variety of communication channels such as Telegram, Session Messenger, and Tox, and prefers Monero (XMR) cryptocurrency for transactions.

KillSec distinguishes itself through its sophisticated attack methods and the use of multiple communication channels and crypto wallets. The group is tracked and monitored by various cybersecurity platforms, including ID Ransomware and Ransom-DB. Recent activity indicates that KillSec continues to be a significant threat to organizations across different industries.

Penetration Methods

While the exact methods used by KillSec to penetrate Schyns Assurances & Finances' systems are not fully disclosed, it is likely that the group exploited vulnerabilities in the third-party provider's security infrastructure. This breach underscores the importance of robust cybersecurity measures and the need for continuous monitoring and assessment of third-party risks.

Sources

• Schyns Assurances & Finances
• KillSec Ransomware Group
• FSMA
• DNB Business Directory
• ID Ransomware