One of the biggest US insurance companies reportedly paid hackers $40 million ransom after a cyberattack
CNA Financialreportedly paid hackers $40 million in March following a ransomware attack, Bloomberg reported.
- The report comes weeks after Colonial Pipeline paid its ransomware hackers $4.4 million.
Ransomcosts from ransomware attacks have been increasing.
CNA Financial, one of the largest
CNA first announced the hack in late March, stating that it had seen a "sophisticated cybersecurity attack" on March 21 that had "impacted certain CNA systems." To address the incident, the company called in outside experts and law enforcement, both of which launched an investigation into the attack.
But behind closed doors, about a week following the ransomware attack, CNA began negotiating with the hackers, Bloomberg reported.
The hackers initially demanded $60 million in ransom. But following negotiations, CNA paid them $40 million in late March, which could be one of the largest ransomware hacker payments yet.
Bloomberg's report on CNA Financial's ransom payment comes just weeks after Colonial Pipeline - the US' biggest refined products pipeline - paid hackers $4.4 million following its own cyberattack, which had caused gas shortages across the East Coast.
Colonial Pipeline's payout may be notably lower than CNA Financial's, but the cost of ransomware attacks have been increasing. In 2020, the average ransomware payment increased 171% from $115,123 in 2019 to $312,493 in 2020, according to a report from cybersecurity firm Palo Alto Networks. And earlier this year, both Quanta, an Apple supplier, and Acer were targeted by ransomware group REvil, which demanded $50 million from both companies.
However, the FBI advises against paying a ransom, and says doing so could instead encourage more hacks.
A CNA spokesperson told Insider that the company isn't commenting on the ransom, but that it had "followed all laws, regulations, and published guidance, including OFAC's 2020 ransomware guidance, in its handling of this matter."
The spokesperson also noted that a group called "Phoenix" was behind the attack. The ransomware used on CNA is known as Phoenix Locker, a spin-off of another malware "Hades" created by Russian hacking organization Evil Corp, Bloomberg reported.
The US Treasury Department last sanctioned Evil Corp in 2019 following the group's distribution of another malware. This sanction barred Americans from paying an Evil Corp ransom. However, the CNA spokesperson noted that Phoenix "isn't on any prohibited party list and is not a sanctioned entity."
- Researchers develop device that uses sound waves to separate blood-based nanoparticles
- 5 Bihar villages to be developed into human-carnivore coexistence zone
- Delhi's air quality will likely improve from Sunday evening, says IMD
- Centre to convene all-party meet Monday to finalise strategies for 2023 G-20 summit
- Family members of Indian workers now eligible to work in Canada