Bits ‘n Pieces (Trozos y Piezas)
EC: Seguros Equinoccial S.A data keaked by Vice Society
On January 28, data allegedly from Seguros Equinoccial S.A. was added to Vice Society’s leak site. Seguros Equinoccial offers various kinds of life, auto, corporate, and other insurance plans to individuals, families, and businesses.
Inspection of the leaked data revealed a folder called “bck” with 25 files in Excel. The reports contained fields such Name, Surname, Policy, ID or Ruc, Name of the Insured, Address, Phone, Mail, Chassis, Make, Model, Plates, Engine, Color, Sum Insured.
There is no notice on their website about any ransomware incident, and the firm did not reply to email inquiries sent on January 30 and February 2.
It appears that customer data has been acquired and leaked, but it is not known if any of the individual or business customers have been notified.
ES: LockBit claims to have attacked Luaces Asesores
In a recent update to their leak site, LockBit claimed to have attacked Luaces Asesores, an accounting, tax, and labor advisor firm. The firm’s name was added to the leak site on January 30 but without any file list or proof of claim.
An email to Luaces sent on January 30 asking about the claimed attack received no reply. As of publication, there is no notice of any incident on their website and it appears that the site may not have been updated since the 2017 income tax period.
MX: IT Servicios attack claimed by LockBit
Telecommunications firm IT Servicios was also added to LockBit3.0’s leak site on January 30, and also without any proof. There is no notice of any incident on their website at publication time and they did not reply to an email inquiry of January 30.
BR: Pharma Gestao attack claimed by LockBit
Pharma Gestao EPP-LTDA provides accounting, tax, financial, corporate, and consulting services for more than 180 pharmacies, partnering with other firms such as Price Baixo, Farma Voce, and Top Farma. On February 1, Pharma Gestao was added to the LockBit3.0 leak site, but without any proof. We could find no notice on their site or social media and have received no reply to an email inquiry sent yesterday.
MX: Casa Ley grocery chain attack claimed by Royal
Casa Ley grocery store chain has 290 stores. It was added to the Royal ransomware leak site yesterday, but Royal does not post any proof when they first list a victim and they do not make any claims about how much data they might have acquired. Casa Ley has not published any notice or statement about the claimed attack on their site or social media, and has not replied to an email inquiry.
This column reports on what we see published. But ransomware groups can err in their claims about who they attacked, so if there is no proof published, any claims posted or noted here should be viewed as unconfirmed claims. Future Trozos y Piezas columns may contain updates on specific claims. — Dissent
Additional material and editing by Dissent.