US insurance company CNA Financial has reportedly handed over $40 million to a ransomware (opens in new tab) gang in order to buy back control of their computers.
According to CNA’s own investigations, it fell victim to the Phoenix Locker ransomware, which, according to cybersecurity (opens in new tab) experts, is an offshoot of the Hades ransomware that was first unleashed by the infamous Russian cybercrime operators known as Evil Corp.
In a traditional double-extortion scheme, the operators behind Phoenix Locker encrypted CNA computers, reportedly after making away with loads of confidential data.
- We’ve rounded up the best ransomware protection tools (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
- Check our list of the best firewall apps and services (opens in new tab)
However two anonymous individuals have now told Bloomberg (opens in new tab) that the company gave in to the demands and paid the ransom two weeks after the attack.
Ransomware menace
Ransomware attacks are one of the biggest threats to corporate networks.
According to the investigation by an FBI agent, victims paid over $140 million as ransom (opens in new tab) to their attackers in 2020, while some estimate this figure to be as high as $350 million (opens in new tab).
If the amount quoted by the anonymous sources is true, the CNA ransom is perhaps the biggest payment ever. For comparison, Colonial Pipeline (opens in new tab) paid about $5 million to their attacker last week, despite the fact that the attack disrupted the supply of fuel in several parts of the US.
Officially, CNA refused to comment on the ransom saying that the company consulted and shared intelligence about the attack and the hacker’s identity with the US law enforcement agencies in accordance with the law.
Cybersecurity challenge
CNA’s response isn’t surprising as the US administration and security agencies advise against paying (opens in new tab) extortion fees, though there is currently no law that prevents victims paying the ransom.
In a major announcement last week, AXA (opens in new tab) said that it would suspend the writing of cyber insurance policies for its French customers that refund the cost of ransom payments.
However, in a strange turn of events, AXA itself fell victim (opens in new tab) to a ransomware attack and had to reportedly cough up the ransom to wriggle out of the situation.
- Protect your devices with these best antivirus software (opens in new tab)
Via Engadget (opens in new tab)