CNA Financial, one of the largest insurance companies in the United States, reportedly paid hackers $40 million after a ransomware attack blocked access to the company’s network and stole its data, according to a Bloomberg report by Kartikay Mehrotra and William Turton.
CNA first announced the hack at the end of March, saying it had seen a “sophisticated cybersecurity attack” on March 21 that had “impacted some CNA systems.” To remedy the incident, the company brought in outside experts and law enforcement, both of which opened an investigation into the attack.
But behind closed doors, about a week after the ransomware attack, CNA began negotiating with the hackers, Bloomberg reported.
The hackers initially demanded $60 million in ransom. But as a result of the negotiations, CNA paid them $40 million at the end of March, which could be one of the biggest ransomware payments to date.
Bloomberg’s report on CNA Financial’s ransom payment comes just weeks after Colonial Pipeline, the largest refined products pipeline in the United States, paid hackers $4.4 million following its own cyberattack, which caused gas shortages on the East Coast.
Colonial Pipeline’s payment may be significantly lower than CNA Financial’s, but the cost of ransomware attacks has increased. In 2020, the average payment for ransomware increased 171%, from $115,123 in 2019 to $312,493 in 2020, according to a report from cybersecurity company Palo Alto Networks. And earlier this year both Quanta, an Apple supplier, and Acer were targeted by the ransomware group REvil, which demanded $50 million from the two companies.
However, the FBI advises against paying a ransom, saying it might encourage more hacks.
A CNA spokesperson told Insider the company was not commenting on the ransom, but had “followed all laws, regulations and issued guidelines, including OFAC guidelines on ransomware 2020, in its handling of this issue.”
The spokesperson also noted that a group called “Phoenix” was behind the attack. The ransomware used on CNA is known as Phoenix Locker, a spin-off of another malware called “Hades” created by the Russian hacking organization Evil Corp, Bloomberg reported.
The US Treasury Department last sanctioned Evil Corp in 2019 following the group’s distribution of another malware. This sanction prohibited Americans from paying a ransom to Evil Corp. However, the CNA spokesperson noted that Phoenix “is not on any banned party list and is not a sanctioned entity.”
Read the original article on Business Insider