Ransomware Attack on Quálitas México: 5.5 TB Data Breach
Ransomware Attack on Quálitas México by Hunters International
Quálitas México, a leading automotive insurance provider, has recently fallen victim to a ransomware attack orchestrated by the Hunters International group. The attackers claim to have exfiltrated 5.5 TB of data, posing significant risks to the company's operations and the security of its clients' information.
About Quálitas México
Quálitas Compañía de Seguros, S.A.B. de C.V., commonly known as Quálitas, is a prominent Mexican insurance company specializing in automotive insurance. Established in 1993, the company has grown to become the market leader in Mexico's automotive insurance sector. Quálitas operates 165 branches across Mexico and has expanded internationally with subsidiaries in El Salvador, Costa Rica, and the United States. The company employs approximately 5,650 people and works with over 20,000 insurance agents, providing comprehensive coverage for personal cars, trucks, public transport vehicles, and motorcycles.
Attack Overview
The ransomware group Hunters International has claimed responsibility for the attack on Quálitas México. The group announced the breach on their dark web leak site, stating that they had infiltrated the company's systems and accessed 5.5 TB of data. The extent of the compromised data and the potential ransom demands remain critical concerns for Quálitas as they navigate this cyber crisis.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains significant overlap with Hive's, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.
Penetration and Vulnerabilities
While the exact method of penetration used by Hunters International in the Quálitas attack is not publicly disclosed, the group's tactics often involve exploiting vulnerabilities in network security, phishing attacks, and leveraging stolen credentials. Quálitas' extensive use of online services and mobile applications, such as Q-Móvil, may have presented potential entry points for the attackers. The company's reliance on a decentralized network of independent insurance agents could also pose additional security challenges.
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!