Quick Summary
Alleged
Executive Summary
Pirámide Seguros, a financial services company based in Venezuela, has been publicly listed as a victim by the Gunra ransomware group on their dark web portal. The entry was published on June 30, 2026, and was identified by SOCRadar’s Dark Web Monitoring service. The company operates within the insurance sector, and it is one of several Latin American organizations that have recently appeared on Gunra’s victim list.
Technical Analysis
SOCRadar’s investigation revealed a significant exposure related to the segurospiramide.com domain through their stealer-log telemetry. Approximately 25 recent credential records were captured, specifically targeting external or policyholder-facing accounts on the organization’s web portals, rather than internal employee credentials. The compromised surfaces included the main domain’s login and registration paths, as well as subdomains operating on non-standard ports. This credential capture occurred actively between June 22 and June 30, 2026, indicating ongoing theft aimed at customer-facing systems.

The primary risk identified is account takeover for customers and potential supplier risk, with no corporate workstation credentials found in the sampled data. The Gunra ransomware group commonly uses credentials harvested by infostealers as an initial access method, sourcing them from underground marketplaces to gain access to systems before deploying ransomware. While the exposed credentials in this instance primarily consist of customer accounts, the active harvesting against policyholder portals remains a serious concern for a regulated financial entity.

Recommended actions include customer notification, enhanced account takeover monitoring, enforcement of multi-factor authentication on portal endpoints, and a review of exposed non-standard port services.
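For defenders who receive a stealer-log exposure report like the one described above, the following added example (not SOCRadar's tooling and not part of the original report) buckets records by exposed surface and account type and reports the capture window. The domain `insurer.example`, the path keywords, the record layout and all sample records are constructed placeholders.

```python
from collections import Counter
from datetime import date
from urllib.parse import urlsplit

ORG_DOMAIN = "insurer.example"           # placeholder for the organization's domain
STANDARD_PORTS = {None, 80, 443}         # None means no explicit port in the URL
AUTH_HINTS = ("login", "register")       # assumed keywords for login/registration paths

# Constructed sample records: (url, username, capture date). Not real data.
SAMPLE = [
    ("https://insurer.example/login", "cust1@mail.example", date(2026, 6, 22)),
    ("https://insurer.example/register", "cust2@mail.example", date(2026, 6, 25)),
    ("https://sub.insurer.example:8443/app", "cust3@mail.example", date(2026, 6, 30)),
    ("https://sub.insurer.example:8443/app", "staff1@insurer.example", date(2026, 6, 28)),
    ("https://unrelated.example/login", "cust1@mail.example", date(2026, 6, 23)),
]

def classify(url, username):
    """Return (surface, account_type), or None if the URL is outside ORG_DOMAIN."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Exact match or true subdomain only; "notinsurer.example" must not match.
    if host != ORG_DOMAIN and not host.endswith("." + ORG_DOMAIN):
        return None
    if parts.port not in STANDARD_PORTS:
        surface = "nonstandard-port"     # feeds the exposed-service review
    elif any(hint in parts.path.lower() for hint in AUTH_HINTS):
        surface = "auth-path"            # feeds MFA and takeover monitoring
    else:
        surface = "other"
    # Usernames on the corporate mail domain are treated as employee accounts.
    is_staff = username.lower().endswith("@" + ORG_DOMAIN)
    return surface, ("employee" if is_staff else "external")

def triage(records):
    """Count in-scope records per (surface, account_type) and find the capture window."""
    counts, first, last = Counter(), None, None
    for url, username, seen in records:
        label = classify(url, username)
        if label is None:
            continue
        counts[label] += 1
        first = seen if first is None or seen < first else first
        last = seen if last is None or seen > last else last
    return counts, first, last

if __name__ == "__main__":
    counts, first, last = triage(SAMPLE)
    for (surface, account), n in sorted(counts.items()):
        print(f"{surface:17} {account:9} {n}")
    print("capture window:", first, "to", last)
```

Any `employee` bucket count above zero changes the response from customer notification to internal credential resets and session revocation.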