The number of cyberattacks in the insurance sector has been growing exponentially as insurance companies are migrating toward digital channels in an effort to expand their share of customer’s financial portfolios. Although these digital investments provide new strategic capabilities, on the other side these innovations tend to introduce new cyber-risks and attack vectors to organizations that are relatively inexperienced at dealing with the challenges of an omnichannel environment.
On August 18, 2020, the Cyble Research Team during their daily monitoring of cyber threats and risks they identified a leak post in which the REvil ransomware operators claimed to have breached National Western Life and in possession of 656 GB of company’s confidential data.
Founded in the year 1956, National Western Life is a well-known American stock life insurance company headquartered in Austin, Texas. With over 25000 employees the company has been earning annual revenue of around $636.2 million.
Snippet of the post on REvil website –
In that leak disclosure post, the ransomware group posted a couple of screenshots to support their claim of the breach which seems to include a snapshot of database files, passport copies of family members of the company’s CEO, corporate contract agreements, information of their clients, and much more.
Then after 3 days on 23 August, the ransomware operators published another post in which they claimed to have access to the company’s mails, and along with that they released 1% approx. of the total data leak. After analyzing the leaked files, it seems to contain details of the company’s customers that include customer’s SSNs, date of birth, full name, date of death, residence state, policy number, and policy termination date.
Below are the few snapshots of the leaked files being released by the REvil ransomware operators.
Tips on how to prevent ransomware attacks –
- Never click on unverified/unidentified links
- Do not open untrusted email attachments
- Only download from sites you trust
- Never use unfamiliar USBs
- Use security software and keep it updated
- Backup your data periodically
- Isolate the infected system from the network
- Use mail server content scanning and filtering
It is recommended to follow above mentioned prevention methods and never pay the ransom.
Cyble is an Atlanta, US-based, global premium cyber-security firm with tools and capabilities to provide near real-time cyber threat intelligence.
Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.
This monitoring and notification platform gives the average consumer insights into their personal cybersecurity issues, allowing them to take action then as needed. It has recently earned accolades from Forbes as being the top 20 cyber-security companies to watch in 2020.