Major Russian insurer facing widespread outages after cyberattack

Russian insurer VSK has spent a week attempting to restore services after a major cyberattack damaged its systems, knocking offline its website, mobile app and other services used by millions of customers.

One of Russia’s largest universal insurers, Moscow-based VSK serves about 33 million people and more than 500,000 businesses and provides property, transport, health, travel, cargo and corporate insurance.

While VSK has not detailed the full impact of the incident, customers have flooded its social media pages with complaints, saying they cannot buy car insurance, amend policies, obtain guarantee letters or book medical appointments. Some people said medical providers were refusing services because they were unable to verify coverage. Email services were also disrupted, with VSK urging clients to send inquiries by regular mail.

The company has not said who was behind the attack or what the hackers’ motive may have been. Russian cybersecurity specialists told local media the incident was likely a ransomware attack.

VSK publicly confirmed the incident on November 13, saying it had detected “a large-scale cyberattack” the day before and was working with external experts to restore systems. 

“The incident affected only the performance of our IT infrastructure. The data of our customers and partners is safe,” the company said, adding that its physical offices remain open. It also warned that its corporate domain had been hijacked to redirect visitors to a fraudulent Telegram channel.

Although VSK said no personal data was compromised, Telegram channels linked to Ukrainian hackers shared screenshots of allegedly leaked information and backups from the company. The authenticity of those images could not be independently verified. 

The British government sanctioned VSK in 2024 for supporting Russia’s so-called “shadow fleet” — a network of poorly regulated vessels used to evade Western restrictions and maintain oil export revenues. London described the insurer as a key provider of marine coverage and related services for Russian-linked tankers and logistics chains. The European Union later added the company to its sanctions list.

The attack comes amid a surge in cyber incidents affecting major Russian enterprises. Last week, Russian port operator Port Alliance reported a large-scale DDoS attack “from abroad” that hit key digital systems, allegedly in an attempt to disrupt coal and fertilizer shipments. In October, a cyberattack on Russia’s agricultural and food safety watchdog snarled food shipments nationwide. It remains unclear whether these incidents are politically or financially motivated. 

Days after VSK disclosed its breach, pro-Russian hacker group NoName057(16) said it had launched DDoS attacks against several Ukrainian insurance companies. The group did not explicitly link the campaign to the attack on VSK, and it was unclear whether those targets experienced any operational disruptions.