Insurance giant CNA Financial paid a $40 million ransom

May 21, 2021  By Pierluigi Paganini


The US insurance giant CNA Financial reportedly paid a $40 million ransom to restore access to its files following a ransomware attack. 

CNA Financial, one of the largest insurance companies in the US, reportedly paid a $40 ransom to restore access to its files following a ransomware attack that took place in March.

According to Bloomberg, CNA Financial opted to pay the ransom two weeks after the security breach because it was not able to restore its operations. Bloomberg was informed about the payment by two people familiar with the attack.

The systems at the company were infected with the Phoenix Locker, a variant of ransomware tracked as Hades that was part of the arsenal of the cybercrime group known as Evil Corp.

“According to the two people familiar with the CNA attack, the company initially ignored the hackers’ demands while pursuing options to recover their files without engaging with the criminals. But within a week, the company decided to start negotiations with the hackers, who were demanding $60 million. Payment was made a week later, according to the people.” reported Bloomberg.

CNA Financial immediately launched an investigation into the incident and reported it to the FBI and the Treasury Department’s Office of Foreign Assets Control.

On May 12, CNA announced that it did not believe that the systems of record, claims systems, or underwriting systems, where the majority of policyholder data – including policy terms and coverage limits – is stored, were impacted.

The insurance company will not comment on the ransom.

“CNA is not commenting on the ransom,” spokeswoman Cara McCall said. “CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.”

Recently another insurance firm, AXA, was the victim of a ransomware attack. The Avaddon group announced to have hacked the Asian branch of Axa and stole three terabytes of data

It is curious that recently Axa announced that in France it will no longer reimburse ransomware payments for its customers. The decision is the result of the increased number of ransomware attacks and the large ransom demanded by cybercriminals.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Bitcoins of DarkSide ransomware gang still locked in hacker forum's escrow

 After DarkSide ransomware gang shut down operations, multiple affiliates have complained about not receiving the payments...