Major insurer pays millions of dollars after severe ransomware attack

CNA Financial, one of the largest insurers in the United States, reportedly negotiated a payment of about $40 million USD to regain access to its computer systems, which had been compromised by a ransomware infection. According to cybersecurity specialists, this amount exceeds the highest ransom demand generated by these cyberattacks throughout 2020, in addition to being well over $15 million from the highest ransom of 2019.

The company itself has said only that a complex cybersecurity attack was detected on March 21, causing severe disruptions to its computer systems. A source close to the incident claims that employees were locked out of their work systems and that the attack involved the theft of confidential information.

An update released in recent days mentions that the company is already working with digital forensic specialists, and states that no anomalous activity has been detected since the first attack.

As many users will know, ransomware groups can perform network reconnaissance and move through the entire compromised infrastructure before starting the attack. This also allows them to steal sensitive information before encrypting it and to carry out a double extortion attack, leaking private information to force victims to make the payment.

So far the company has provided few updates on the incident, although in its latest message it states that its registration, subscription or claims systems were not compromised, so confidential customer information is safe.

The latest update from the source mentions that the company has already completely restored its systems, so its services are fully operational. A CNA spokesperson stated that the company followed all legal guidelines for addressing such incidents; it is mentioned that the company received advice from the Federal Bureau of Investigation (FBI) and the Office of Foreign Assets Control (OFAC). It should be remembered that U.S. authorities do not recommend making ransom payments, although they do have a guideline for acting in cases like this.

In related news this week, insurance company AXA also became the target of a ransomware group, allegedly using the Avaddon variant. In this case, threat actors stole up to 3TB of sensitive information, including clinical records, bank details, personal identification cards, and contracts.
