In March 2021, CNA, one of the biggest insurance companies in the US, suffered a ransomware attack involving Phoenix CryptoLocker, a ransomware strain with possible links to the Evil Corp hacking group.
The attack impacted the company’s overall services and business, leading to network disruption and affecting certain systems in the CNA environment. It is said that more than ten thousand devices were encrypted.
The systems were immediately taken down to stop the attack from propagating to other systems, and in May an investigation was initiated with an external forensics company.
The company also reported that the servers containing policyholders’ information related to their policy terms and coverage limits were impacted the most.
It is believed that the group behind the new ransomware variant is Evil Corp. Evil Corp is known to use WastedLocker, but because of heavy US government sanctions on the group in 2019, most ransomware negotiation firms have stopped facilitating WastedLocker ransom payments for fear of facing fines or legal action from the US government.
It is reported that the company paid $40 million to the threat actors to get the decryption keys and the stolen data back.
The hackers initially demanded a $60 million ransom based on the confidentiality of the stolen data, but this was brought down to $40 million after negotiations started.
Double extortion has become a very common tactic among ransomware groups: the threat actor steals the unencrypted files before encrypting them, then threatens to post the stolen data online for sale if the ransom is not paid.
In May 2021, the company confirmed that the business is back to normal, and the team of cyber-forensics experts is investigating the matter in depth.
Insurance companies are becoming more common targets, as the data involved is highly confidential and these companies are more likely to pay the ransom than companies in other sectors.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.