Ascoma Insurance Advisors, a leading Monaco-based insurance brokerage group, has reportedly fallen victim to a ransomware attack orchestrated by the Akira gang.
The incident, disclosed via a FalconFeedsio alert on March 12, 2025, highlights the relentless targeting of critical sectors by cybercriminals.
While Ascoma has not yet released an official statement, preliminary reports indicate that 12 GB of sensitive data was compromised.
The attack underscores Akira’s escalating global operations, which have impacted over 350 organizations and extorted $42 million since early 2023.
Attack Details and Immediate Implications
Akira, a ransomware-as-a-service (RaaS) group active since March 2023, has rapidly become one of the most prolific cybercrime enterprises.
Known for exploiting vulnerabilities in VPN services like Cisco ASA and VMware ESXi systems, the group has historically targeted industries ranging from healthcare to logistics.
In Ascoma’s case, the breach could expose client data, insurance agreements, and financial records, though specifics remain unconfirmed.
The Monaco-based firm, which operates across 21 African countries and manages risk solutions for multinational corporations, is now facing potential operational disruptions.
Akira’s dual-ransomware strategy—deploying both Windows and Linux variants—allows the group to encrypt diverse systems simultaneously, complicating recovery efforts.
Cybersecurity analysts suggest the attackers likely leveraged compromised VPN credentials or unpatched vulnerabilities to infiltrate Ascoma’s network, a tactic repeatedly observed in Akira’s campaigns.
Akira’s Growing Threat and Industry-Wide Recommendations
Akira’s attack on Ascoma follows a surge in activity, including a single-day leak of data from 32 victims in November 2024.
The group’s Tor-based leak site publicly shames non-compliant victims, amplifying pressure to pay ransoms.
CISA and Europol have flagged Akira’s use of tools like AnyDesk for persistence and Advanced IP Scanner for network reconnaissance, urging organizations to adopt multi-factor authentication (MFA) and patch known vulnerabilities.
The insurance sector remains a high-value target due to its access to sensitive client data.
Notably, French insurer AXA suffered a similar breach in 2021 after announcing it would cease ransomware payout coverage in France.
Joseph Carson, a cybersecurity expert, warns that ransomware’s financial toll has doubled since 2021, with average costs soaring to $1.85 million per incident.
Mitigation Strategies:
- Enforce MFA on all remote access systems.
- Regularly update VPN appliances and critical software.
- Conduct employee training to identify phishing attempts.
- Maintain offline backups to expedite recovery without ransom payments.
Also Read:
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=Ascoma Insurance Advisors, a leading Monaco-based insurance brokerage group, has fallen victim to a ransomware attack orchestrated by the Akira gang.){kind=link}