UK insurer Kingfisher Insurance has been added to the dark web blog of ransomware gang LockBit 3.0. The cybercrime group claims to have lifted 1.4 terabytes of information from the company including the personal data of employees and customers. Kingfisher appears alongside six other companies the gang claims to have hacked this month.
Kingfisher Insurance operates eight brands across specialist insurance areas including car and home insurance.
LockBit 3.0 attacks Kingfisher Insurance
Kingfisher was added to the LockBit blog last night, with the gang claiming to have infiltrated the company’s servers and obtained a trove of data.
The criminals have set a deadline of 28 November for Kingfisher to respond to their undisclosed demands, otherwise they will begin publishing the 1.4 terabytes of data.
Management system accounts and passwords from Workaday and Access databases also cropped up in the initial data release. Tech Monitor has contacted Kingfisher Insurance for comment on the alleged breach.
At least six other victims have been posted to the blog this month, including Japanese tech company Ooymia. It works across a range of sectors, opening up the possibility of supply chain attacks if its systems have been breached.
The company is in the supply chain of multiple organisations worldwide in industries including healthcare, communications and automotive, as well as pharmaceutical and electronic. It has a 20 October deadline to respond to LockBit’s demands.
What is LockBit 3.0?
LockBit 3.0 is a ransomware gang with an ever-growing list of victims. It has been the most active ransomware gang in the third quarter of 2022, committing 37% of the ransomware attacks, an increase of 5% since the previous quarter, according to research from security vendor CyberInt.
The gang wreaked havoc on the global private and public sectors in August, attacking the Italian tax offices, the cybersecurity firm Mandiant and NHS supplier Advanced. The latter attack led to disruptions to the NHS’s 111 service.
The gang itself was hacked in August. A DDoS attack was launched on LockBit’s dark web server, which hosts leaks from companies the gang has ransomed. At the time of the attack, LockBit was receiving “400 requests a second from over 1,000 servers”.