東芝子会社がランサムウェア攻撃を確認、DarkSideの関与の可能性
May 14, 2021
保険大手のAXA、ランサムウェア攻撃を受ける
May 18, 2021

Insurance Giant AXA – victim of Ransomware attack

AXA, which is one of the biggest insurance firms based in France, suffered a ransomware attack in mid-May at various branches in many countries including Thailand, Malaysia, Hong Kong, and the Philippines.

This ransomware attack took place after AXA launched the statement that they will stop paying any kind of ransoms to the adversaries.

It is believed that more than 3 Terabytes of data was stolen which includes the below mentioned things.

  • ID cards
  • Passport copies
  • Agreements
  • Reimbursements
  • Customer Payments
  • Contracts and Reports

and many more….

A DDOS attack was also launched against the website which resulted in their website being brought down and therefore was not accessible.

Avaddon ransomware group held responsible 

The Avaddon group, based in Russia, confirmed that they have been behind the ransomware attack. The group has also been involved in some very high-level ransomware attacks as well.

The Avaddon group informed that in case the ransoms are not paid, they will launch the DDOS attack on AXA’s website so that the website is not accessible.

In the past it has been seen that ransomware groups have been using DDOS as a backup to bring the victim’s website down in case they deny paying the ransom.

The group also steals the files before locking them and use DDOS to threaten their victims. In the past it has been seen that the group has demanded an average of $40,000 USD.

A statement issued by AXA addressed the Asia-based attack saying, “As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed.” 

Though, Avaddon has provided a passport copy from Thailand and one passport copy from the UK as evidence. The company was given a total of 240 hours to communicate with the attackers and if not, the attackers will go ahead and leak the valuable company documents.

Ransom – Should it be paid or not?

The million-dollar question that is always in the minds of all whether the ransom demanded should be paid or not. Many renowned security researchers believe that paying the ransom is encouraging the threat actors and to stop this ransomware spree, the cash flow must be broken.

AXA has not yet confirmed on how much amount was demanded by the threat actors.

AXA confirmed that they will stop paying any kind of payments involved in the ransomware in France and the decision has been appreciated by many security analysts as they believe that cutting out the payments to threat actors would reduce the number of Ransomware attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *