One of the biggest US insurance companies reportedly paid hackers $40 million ransom after a cyberattack

• CNA Financial reportedly paid hackers $40 million in March following a ransomware attack, $4.
• The report comes weeks after Colonial Pipeline paid its ransomware hackers $4.4 million.
• Ransom costs from ransomware attacks have been increasing.

CNA Financial, one of the largest insurance companies in the US, reportedly paid hackers $40 million after a ransomware attack blocked access to the company's network and stole its data, according to a $4s Kartikay Mehrotra and William Turton.

CNA first $4 the hack in late March, stating that it had seen a "sophisticated cybersecurity attack" on March 21 that had "impacted certain CNA systems." To address the incident, the company called in outside experts and law enforcement, both of which launched an investigation into the attack.

But behind closed doors, about a week following the ransomware attack, CNA began negotiating with the hackers, Bloomberg reported.

The hackers initially demanded $60 million in ransom. But following negotiations, CNA paid them $40 million in late March, which could be one of the largest ransomware hacker payments yet.

Bloomberg's report on CNA Financial's ransom payment comes just weeks after Colonial Pipeline - the US' biggest refined products pipeline - $4 following its own $4.

Colonial Pipeline's payout may be notably lower than CNA Financial's, but the cost of ransomware attacks have been increasing. In 2020, the average ransomware payment increased 171% from $115,123 in 2019 to $312,493 in 2020, according to a report from cybersecurity firm $4. And earlier this year, both $4 supplier, and $4 were targeted by ransomware group REvil, which demanded $50 million from both companies.

However, the FBI $4 against paying a ransom, and says doing so could instead encourage more hacks.

According to a $4 $4 from CNA, "systems of record, claims systems, or underwriting systems where the majority of policyholder data is stored" were not affected by the cyberattack.

A CNA spokesperson told Insider that the company isn't commenting on the ransom, but that it had "followed all laws, regulations, and published guidance, including OFAC's 2020 ransomware guidance, in its handling of this matter."

The spokesperson also noted that a group called "Phoenix" was behind the attack. The ransomware used on CNA is known as Phoenix Locker, a spin-off of another malware "Hades" created by $4, Bloomberg reported.

The US Treasury Department last $4 Evil Corp in 2019 following the group's distribution of another malware. This sanction barred Americans from paying an Evil Corp ransom. However, the CNA spokesperson noted that Phoenix "isn't on any prohibited party list and is not a sanctioned entity."