Gunra Ransomware Allegedly Breaches Seoul Guarantee Insurance and Seguros América

The Gunra ransomware group has allegedly targeted two major players in the insurance sector, Seoul Guarantee Insurance (SGI) and Seguros América. The cybercriminal gang recently listed both companies on its dark web leak site, claiming to have exfiltrated a massive trove of sensitive data. This double-extortion tactic, where data is stolen before systems are encrypted, puts significant pressure on victims to meet the attackers’ demands to prevent the public release of confidential information.

The alleged victims are significant entities in their respective regions, handling vast amounts of customer and financial data. The breach claims are substantial, with the attackers boasting of possessing a “13.2T pure compressed oracle database” from Seoul Guarantee Insurance and “customer data from insurance database” from Seguros América. The publication of such data could lead to severe financial and reputational damage for the companies and widespread privacy violations for their customers.

The victims of the alleged attacks are:

🇰🇷 Seoul Guarantee Insurance (SGI): As South Korea’s largest and only comprehensive guarantee insurance provider, SGI plays a critical role in the country’s economy, offering a wide range of services from contract bonds to housing rental loan guarantees. It is a publicly-traded company and ranks among the top guarantee insurers globally.
🇳🇮 Seguros América: A leading insurance company in Nicaragua, providing property, personal, and surety insurance since 1997. The company is a key part of the Nicaraguan financial landscape, underwriting significant personal and commercial risks within the country.

Evidence of the breach at Seguros América is substantiated by a directory listing posted by the attackers, which includes files that appear to contain highly sensitive customer and corporate information. Titles of the allegedly leaked data include: