One of the biggest US insurance companies reportedly paid hackers $40 million ransom after a cyberattack
- CNA Financial reportedly paid hackers $40 million in March following a ransomware attack, Bloomberg reported.
- The report comes weeks after Colonial Pipeline paid its ransomware hackers $4.4 million.
- Ransom costs from ransomware attacks have been increasing.
CNA Financial, one of the largest
CNA first announced the hack in late March, stating that it had seen a "sophisticated cybersecurity attack" on March 21 that had "impacted certain CNA systems." To address the incident, the company called in outside experts and law enforcement, both of which launched an investigation into the attack.
But behind closed doors, about a week following the ransomware attack, CNA began negotiating with the hackers, Bloomberg reported.
The hackers initially demanded $60 million in ransom. But following negotiations, CNA paid them $40 million in late March, which could be one of the largest ransomware hacker payments yet.
Bloomberg's report on CNA Financial's ransom payment comes just weeks after Colonial Pipeline - the US' biggest refined products pipeline - paid hackers $4.4 million following its own cyberattack, which had caused gas shortages across the East Coast.
Colonial Pipeline's payout may be notably lower than CNA Financial's, but the cost of ransomware attacks has been increasing. In 2020, the average ransomware payment increased 171% from $115,123 in 2019 to $312,493 in 2020, according to a report from cybersecurity firm Palo Alto Networks. And earlier this year, both Quanta, an Apple supplier, and Acer were targeted by ransomware group REvil, which demanded $50 million from both companies.
However, the FBI advises against paying a ransom, and says doing so could instead encourage more hacks.
According to a May 12 update from CNA, "systems of record, claims systems, or underwriting systems where the majority of policyholder data is stored" were not affected by the
A CNA spokesperson told Insider that the company isn't commenting on the ransom, but that it had "followed all laws, regulations, and published guidance, including OFAC's 2020 ransomware guidance, in its handling of this matter."
The spokesperson also noted that a group called "Phoenix" was behind the attack. The ransomware used on CNA is known as Phoenix Locker, a spin-off of another malware "Hades" created by Russian hacking organization Evil Corp, Bloomberg reported.
The US Treasury Department last sanctioned Evil Corp in 2019 following the group's distribution of another malware. This sanction barred Americans from paying an Evil Corp ransom. However, the CNA spokesperson noted that Phoenix "isn't on any prohibited party list and is not a sanctioned entity."