CNA Financial pays out one of the biggest ransomware payments ever

By Mayank Sharma
published

Yet CNA officially denies engaging with attackers

Ransomware
(Image credit: Shutterstock)

US insurance company CNA Financial has reportedly handed over $40 million to a ransomware (opens in new tab) gang in order to buy back control of their computers. 

According to CNA’s own investigations, it fell victim to the Phoenix Locker ransomware, which, according to cybersecurity (opens in new tab) experts, is an offshoot of the Hades ransomware that was first unleashed by the infamous Russian cybercrime operators known as Evil Corp. 

In a traditional double-extortion scheme, the operators behind Phoenix Locker encrypted CNA computers, reportedly after making away with loads of confidential data. 

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

However two anonymous individuals have now told Bloomberg (opens in new tab) that the company gave in to the demands and paid the ransom two weeks after the attack.

Ransomware menace

Ransomware attacks are one of the biggest threats to corporate networks.

According to the investigation by an FBI agent, victims paid over $140 million as ransom (opens in new tab) to their attackers in 2020, while some estimate this figure to be as high as $350 million (opens in new tab).

If the amount quoted by the anonymous sources is true, the CNA ransom is perhaps the biggest payment ever. For comparison, Colonial Pipeline (opens in new tab) paid about $5 million to their attacker last week, despite the fact that the attack disrupted the supply of fuel in several parts of the US.

Officially, CNA refused to comment on the ransom saying that the company consulted and shared intelligence about the attack and the hacker’s identity with the US law enforcement agencies in accordance with the law.

Cybersecurity challenge

CNA’s response isn’t surprising as the US administration and security agencies advise against paying (opens in new tab) extortion fees, though there is currently no law that prevents victims paying the ransom.

In a major announcement last week, AXA (opens in new tab) said that it would suspend the writing of cyber insurance policies for its French customers that refund the cost of ransom payments. 

However, in a strange turn of events, AXA itself fell victim (opens in new tab) to a ransomware attack and had to reportedly cough up the ransom to wriggle out of the situation.

Via Engadget (opens in new tab)

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

See more Computing news