Insurance company CNA faced a ransomware attack in March. The attackers knocked out most of the systems and obtained sensitive data. The price the company paid to restore the systems and recover the data was a whopping $40 million.
CNA is considered one of the largest commercial insurance companies in the United States. In addition, cyber insurance is among the products offered by CNA.
“Cybercrime continues unabated, growing in sophistication, frequency and severity. In fact, cyber risk is among the top risk concerns of companies globally. CNA CyberPrep, built on nearly two decades of cyber insurance expertise, is a proactive program of cyber risk services developed by CNA Risk Control and CNA Cyber insurance underwriters in partnership with leading cybersecurity specialists. It is designed to aid CNA cyber policyholders in cyber threat identification, mitigation and response”, states in CNA CyberPrep Brochure.
Evil Corp Likely Behind This Attack
Bleeping Computer reported that the attackers encrypted more than 15,000 of the company’s devices in the attack. The known cybercrime group Evil Corp is likely behind this attack. The attackers used a new ransomware called Phoenix CryptoLocker, a variant of ransomware ‘Hades.’ It is a type of ransomware that instantly encrypts files on compromised machines and demands a ransom from victims in exchange for sending an unlock key.
In a statement CNA said, “We do not believe that the Systems of Record, claims systems, or underwriting systems, where the majority of policyholder data–including policy terms and coverage limits–is stored, were impacted.”
After the ransomware attack, the company decided to go the route of paying a $40 million ransom to regain control of its network. This is the highest of the disclosed payments made to hackers so far.
“CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter,” Cara McCall – the spokeswoman of CNA.
The cybercrime group was sanctioned by the US Treasury Department back in 2019. Americans who fell victim to this group were prohibited from paying ransom. At the time, the Evil Corp group used malware to infect computers and obtain login credentials from various banks and financial institutions in more than 40 countries, according to the US Treasury Department. These activities entailed a cost of more than $100 million. But in this case, CNA reports that Phoenix CryptoLocker is not on any prohibited party list and is not a sanctioned entity.
However, the FBI is warning victims not to encourage attackers to carry out further attacks by paying ransoms. In addition, even after payment, there is no guarantee that the stolen files will be recovered and not disclosed.
The average ransom increased by 171% in 2020 compared to 2019. According to Palo Alto Networks, the average payment last year was about $312,000.
References
Cyber insurance giant CNA paid out $40 million to its ransomware attackers
CNA Financial Paid $40 Million in Ransom After March Cyberattack
