US insurance company CNA Financial has reportedly handed over $40 million to a ransomware gang in order to buy back control of their computers.
According to CNA’s own investigations, it fell victim to the Phoenix Locker ransomware, which, according to cybersecurity experts, is an offshoot of the Hades ransomware that was first unleashed by the infamous Russian cybercrime operators known as Evil Corp.
In a traditional double-extortion scheme, the operators behind Phoenix Locker encrypted CNA computers, reportedly after making away with loads of confidential data.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.
>> Click here to start the survey in a new window<<
However two anonymous individuals have now told Bloomberg that the company gave in to the demands and paid the ransom two weeks after the attack.
Ransomware attacks are one of the biggest threats to corporate networks.
According to the investigation by an FBI agent, victims paid over $140 million as ransom to their attackers in 2020, while some estimate this figure to be as high as $350 million.
If the amount quoted by the anonymous sources is true, the CNA ransom is perhaps the biggest payment ever. For comparison, Colonial Pipeline paid about $5 million to their attacker last week, despite the fact that the attack disrupted the supply of fuel in several parts of the US.
Officially, CNA refused to comment on the ransom saying that the company consulted and shared intelligence about the attack and the hacker’s identity with the US law enforcement agencies in accordance with the law.
CNA’s response isn’t surprising as the US administration and security agencies advise against paying extortion fees, though there is currently no law that prevents victims paying the ransom.
In a major announcement last week, AXA said that it would suspend the writing of cyber insurance policies for its French customers that refund the cost of ransom payments.
However, in a strange turn of events, AXA itself fell victim to a ransomware attack and had to reportedly cough up the ransom to wriggle out of the situation.