Kingfisher Insurance said that some of the company’s IT systems were accessed by an unauthorized third party.
Kingfisher’s name appeared on the LockBit ransomware cartel’s leak site on Monday, with threat actors claiming they stole 1.4TB of company data, including personal details of employees and customers.
The company acknowledged unauthorized access to Kingfisher’s IT systems but denied that the threat actors could have stolen as much data as they claimed.
“Kingfisher UK Holdings Limited and certain Kingfisher Group subsidiary companies (Kingfisher) are aware that, for a limited period of time, part of their IT systems was accessed by an unauthorized third party,” Kingfisher’s representative told Cybernews.
“We are working with third-party IT security specialists to fully understand what happened. Their investigations to date confirm that a very limited number of non-sensitive files were copied during the incident,” Kingfisher’s representative said.
According to the statement, the company’s IT team blocked all external access and took affected servers offline upon learning about the cyber incident. The company’s investigation concluded that there was “no ongoing impact on its business operations.”
While the post on LockBit’s leak site says that hackers stole 1.4TB of data, Kingfisher refutes such claims, saying its investigation showed that “it is impossible for the criminal group behind this incident to have taken 1.4TB of data from the servers they indicate.”
Infamous cartel
LockBit-affiliated threat actors posted several email addresses that appear to belong to Kingfisher Insurance staff. The post included passwords to several management system accounts, such as Workday and Access, which the company uses.
LockBit ransomware cartel leads the digital extortion underworld. A ransomware report by threat intelligence firm Digital Shadows shows that in the second quarter of 2022, LockBit was the most active group by an overwhelming margin.
LockBit and its affiliates accounted for a third of all cyberattacks in which organizations were posted to ransomware data-leak sites. Researchers attributed 231 victims to LockBit.
While LockBit is far from the only successful ransomware group, it has outlasted many competitors. Prominent groups like REvil, Darkside, and Cl0p came and went, either regrouping or disbanding.
More recently, the Conti ransomware gang, once at the top of the ransomware game, seems to have closed up shop. Meanwhile, LockBit has been in the game since 2019, a lifetime in the ransomware business, releasing the second and, recently, the third generation of its malware.
Pundits think LockBit’s success stems from the group’s ability to combine a business-oriented approach with specialized tech.