EPB Insurance Ransomware Attack by DragonForce (May 2026)
Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.
Leak Site Screenshot
Screenshot captured at time of discovery. Image blurred to protect victim PII.
Claim Summary
The ransomware group DragonForce has allegedly claimed responsibility for a cyberattack against EPB Insurance, operating under the domain epbinsurance.com. According to the threat actor’s leak site post dated May 25, 2026, the group claims to have compromised the network of Ekblad, Pardee & Bewell, Inc., an independent insurance agency licensed in Minnesota, Wisconsin, South Dakota, and Arizona. The agency offers a range of insurance products including auto, home, life, health, and business insurance. The volume of allegedly exfiltrated data remains undisclosed, and no samples or proof of compromise have been publicly provided at this time.
Threat Actor Profile
DragonForce is a ransomware group with an unknown total number of confirmed victims, making credibility assessment difficult. The group has been observed using a toolkit that includes Mimikatz for credential dumping, Advanced IP Scanner and SoftPerfect NetScan for network reconnaissance, and PingCastle for Active Directory security auditing. These tools suggest a focus on lateral movement and privilege escalation within compromised networks. Without public research or a known track record, the group’s claims should be treated with heightened skepticism. No YARA rules or detection guidance specific to DragonForce is currently available in open sources.
Alleged Data Exposure
The threat actor claims to have accessed data from EPB Insurance but has not disclosed the specific types of records compromised. Given the nature of the victim’s business as an insurance agency, potential data types could include client personal information, policy details, claims history, financial records, and employee data. However, without confirmation or data samples, the scope and veracity of the alleged breach remain unverified. Ransomware groups frequently exaggerate or fabricate claims to pressure victims into negotiations.
Potential Impact
If the claim is substantiated, the impact on EPB Insurance could be significant. As a financial services entity handling sensitive client data, a breach could lead to regulatory scrutiny under state and federal data protection laws, potential fines, and reputational damage. Clients may face risks of identity theft or fraud if personally identifiable information (PII) is involved. Business operations could be disrupted if systems were encrypted, and the agency may need to notify affected parties and implement remediation measures.
What to Watch For
- Monitor DragonForce’s leak site for any future publication of data samples or full datasets.
- EPB Insurance clients should watch for official communications from the company regarding the incident.
- Check for any unusual account activity or phishing attempts targeting employees or clients.
- Security teams should review network logs for indicators of compromise associated with DragonForce’s known tools (Mimikatz, Advanced IP Scanner, PingCastle, SoftPerfect NetScan).
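One way to run that review over endpoint telemetry, as an added example that is not from Yazoul Security or the original report: a sweep of process-creation events for the four tools named above. It assumes events exported as JSON lines with Sysmon-style fields (Computer, UtcTime, Image, OriginalFileName, CommandLine) and the tools' default executable names; the sample events are constructed.

```python
import json
import ntpath

# Default executable names of the tools named in the report (assumed defaults).
# A renamed binary will not match on Image, so OriginalFileName is checked too.
TOOL_NAMES = {
    "mimikatz.exe": "Mimikatz",
    "advanced_ip_scanner.exe": "Advanced IP Scanner",
    "netscan.exe": "SoftPerfect NetScan",
    "pingcastle.exe": "PingCastle",
}
# Mimikatz module/command strings that still appear when the binary is renamed.
CMDLINE_MARKERS = ("sekurlsa::", "lsadump::", "privilege::debug")

def match_event(event):
    """Return a sorted list of (tool, matched_field) hits for one event."""
    hits = set()
    for field in ("Image", "OriginalFileName"):
        base = ntpath.basename(event.get(field) or "").lower()
        if base in TOOL_NAMES:
            hits.add((TOOL_NAMES[base], field))
    cmd = (event.get("CommandLine") or "").lower()
    if any(marker in cmd for marker in CMDLINE_MARKERS):
        hits.add(("Mimikatz", "CommandLine"))
    return sorted(hits)

def scan(lines):
    """Scan JSON-lines events; return [(host, time, tool, matched_field), ...]."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines rather than abort the sweep
        if not isinstance(event, dict):
            continue
        for tool, field in match_event(event):
            findings.append((event.get("Computer"), event.get("UtcTime"), tool, field))
    return findings

# Constructed sample events (hypothetical hosts and paths, not from any incident).
SAMPLE = [json.dumps(e) for e in (
    {"Computer": "WS-014", "UtcTime": "2026-05-20 02:11:07", "Image": r"C:\Users\Public\netscan.exe", "OriginalFileName": "netscan.exe", "CommandLine": "netscan.exe"},
    {"Computer": "DC-01", "UtcTime": "2026-05-20 02:14:31", "Image": r"C:\Windows\Temp\svc.exe", "OriginalFileName": "mimikatz.exe", "CommandLine": "svc.exe privilege::debug sekurlsa::logonpasswords exit"},
    {"Computer": "WS-020", "UtcTime": "2026-05-20 02:15:02", "Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE", "CommandLine": "notepad.exe"},
)] + ["{truncated"]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Advanced IP Scanner, SoftPerfect NetScan and PingCastle are also used by administrators, so a hit is a lead to triage against who ran it and from where, not a confirmation of compromise.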
Disclaimer
This report is based solely on an unverified claim posted by the DragonForce ransomware group on their leak site. Yazoul Security has not independently confirmed the breach, the data exfiltration, or any associated ransom demands. Ransomware groups frequently exaggerate or fabricate claims to pressure victims. All information should be treated as preliminary and subject to change upon verification. Organizations should consult official sources and their security teams before taking action.