Cyber Incident Victim: Makler
Date: Sep 2022
Location: Venezuela
Summary
LockBit ransomware group listed Makler, a Venezuelan insurance brokerage firm, on their leak site as part of a series of attacks targeting South American entities. The claim lacked supporting evidence such as a proof pack, and no breach confirmation was found on the firm's official channels or social media. This incident occurred amidst other unconfirmed ransomware listings affecting organizations in Chile, Colombia, and Peru, highlighting regional cybersecurity threats. DataBreaches.net noted LockBit's history of inaccuracies in victim identification, leaving the validity of these claims uncertain without further verification.
Description
On or around September 16, 2022, the LockBit ransomware group listed Venezuelan insurance brokerage firm Makler on their data leak site, alleging a compromise. The listing occurred alongside three other South American entities: Chile’s Comisión Nacional de Acreditación (CNA), Colombian firms Independence (oil/gas drilling services) and Quintal (chemical manufacturing). LockBit claimed to have exfiltrated 180 GB of data from Independence but provided no proof pack for Makler or the other victims at the time of reporting. DataBreaches.net attempted to verify the claims by contacting LockBit via Tox and emailing CNA but received no responses from either party. Makler’s website and social media channels showed no public statements acknowledging a breach, disruption, or security incident. Similarly, Independence and Quintal lacked breach disclosures on official platforms or active social media accounts. LockBit’s history of occasional inaccuracies in victim identification led DataBreaches to classify all claims—including Makler’s—as unconfirmed pending corroborating evidence. The absence of leaked samples or operational disruptions reported by the victims further complicated incident validation.

The Makler listing coincided with heightened ransomware activity across South America. Chile’s CNA appeared on LockBit’s site weeks after the country’s SERNAC consumer protection agency suffered a separate cyberattack and CSIRT issued a ransomware alert to public entities. In Peru, an unrelated breach involved Instituto De Desarrollo Profesional (IDEPRO), where 1 GB of SQL data containing 1,100 individuals’ credentials and personal information was listed on a hacking forum. Peru’s national digital security center confirmed coordinating with relevant institutions after DataBreaches alerted them, though IDEPRO’s website displayed no incident notice. LockBit’s simultaneous targeting of Chilean, Colombian, and Venezuelan organizations suggested a regional focus, though victim sectors varied from education (CNA, IDEPRO) to industrial services (Independence, Quintal) and insurance (Makler). No ransomware deployment timelines, initial access vectors, or financial demands were disclosed for Makler. The lack of observable containment measures, victim communications, or data recovery actions left the incident’s operational and reputational impacts unverified.
