CNA Financial Insurance Company Paid $40 Million to Free Itself From Ransomware Attack


CNA Financial insurance company may have paid one of the most expensive malware ransoms to date. The payment was the company's desperate move to free itself from the hackers.

CNA Financial Insurance Company Paid Attacker

According to Bloomberg, the US insurance company shelled out $40 million in late March to regain control of its network following a two-week lockout.

To put that payout in perspective, the CEO of Colonial Pipeline said in an interview with The Wall Street Journal this week that his company paid $4.4 million to hackers after a ransomware attack that led to fuel shortages across the United States.

A spokesperson for the company told Bloomberg that CNA Financial is not commenting on the ransom and that CNA Financial followed all the laws, regulations, and published guidance, including OFAC's 2020 ransomware guidance, in its handling of the matter.

The company fell victim to Phoenix Locker, an offshoot of the Hades ransomware created by the infamous Russian cybercrime operation Evil Corp.

Some security researchers believe that Evil Corp is also behind WastedLocker, which is the malware linked to 2020's Garmin ransomware attack.

In 2019, the US Treasury Department sanctioned the group for its activities. It is unclear if Phoenix, the group behind the CNA Financial attack, is affiliated with Evil Corp.

Ransomware Attack Payment

Ransomware attack payments are rarely disclosed. According to Palo Alto Networks, the average payment in 2020 was $312,493, a 171% increase from the payments that companies made in 2019.

The $40 million payment made by CNA Financial is bigger than any previously disclosed payments to hackers, The Verge reported.

Disclosure of the payment is likely to draw the ire of lawmakers and regulators who are already unhappy that companies from the United States are making large payouts to criminal hackers who, over the last year, have targeted hospitals, drug makers, police forces, and other entities that are critical to public safety.

The FBI discourages organizations from paying ransom because it encourages additional attacks and does not guarantee that data will be returned.

Ransomware is a type of malware that encrypts the victim's data. Cybercriminals using ransomware usually steal the data too. The hackers then ask for a payment to unlock the files and promise not to leak the stolen data. In recent years, hackers have been targeting victims with cyber insurance policies and huge volumes of sensitive consumer data, which make them more likely to pay a ransom.

Last year was a banner year for ransomware groups, with security experts and law enforcement agencies estimating that victims paid about $350 million in ransom. The cybercriminals took advantage of the pandemic, a time when hospitals, medical companies, and insurance companies were the busiest.

According to Bloomberg's report, CNA Financial initially ignored the hackers' demands while pursuing options to recover its files without engaging with the criminals. However, within a week, the company decided to start negotiations with the hackers, who were demanding $60 million.

Payment was made a week later.

This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.