Digital Assets: Insurance Major CNA Coughed Up $40M Cyber Ransom In March
Hackers stole valuable data and locked CNA Financial Corp out of its network.
A Bloomberg report revealed today that CAN Financial Corp (NYSE: CAN), one of the largest insurers in the U.S., was forced to pay up $40 million in cyber ransom after criminals mounted a ransomware attack. The company initially rejected the $60 million ransom demand but caved in a couple of weeks later, settling for $40 million.
The FBI frowns upon ransomware payments, saying they encourage further attacks and that there was no guarantee the bad actors would release the victim’s system after payment. However, CNA spokeswoman Cara McCall said: “CNA is not commenting on the ransom. CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.”
The CNA ransomware
CNA’s investigation found that the hackers were a group called ‘Phoenix’. They used ransomware titled Phoenix Locker, itself a variant of another malware known as ‘Hades.’
A group of Russian cybercriminals dubbed Evil Corp. is said to have created Hades. The U.S. sanctioned 17 individuals and six entities linked to Evil Corp. in December 2019.
Cyberattacks via ransomware have surged sharply in recent times. According to a report “Combating Ransomware” issued by the Institute for Security & Technology (IST), victims paid about $350 million in ransom last year, a 311% increase over 2019.
The gravity of the matter
According to IST ransomware attacks are on the rise because:
- Ransomware criminals operate with near-impunity, based out of jurisdictions that are unable or unwilling to bring them to justice.
- Financial systems such as cryptocurrencies enable attackers to receive funds without being traced.
- The barriers to entry into this highly profitable but criminal activity have become shockingly low.
- The “ransomware as a service” (RaaS) model, allows criminals without technical sophistication to conduct ransomware attacks.
- At the same time, technically knowledgeable criminals are conducting increasingly sophisticated attacks.
Is cyber insurance encouraging ransomware attacks?
Though companies are presumably loath to pay up, and the FBI forbids it, cyber insurance makes it easier to comply with the financial demands of the attackers because the ransom would be covered under the insurance policy.
Besides, all organizations prefer to get their systems up and running at the earliest.
The ransomware gangs know this psychology and probably are homing onto the cyber insured as easy-to-pick prey.
It is significant that victim CNA itself offers cyber insurance, and according to Bloomberg, the cyber culprits made off with “a trove of company data.”
If the stolen data includes customers who have taken out cyber insurance from CNA, they could be under threat.
Further, if these businesses are attacked and forced to pay ransoms, CNA may be on the hook for a lot more than the $40 million it paid the Phoenix gang.
Related Story: Colonial Pipeline Shut Down By Ransomware Attack
Latest Alternative Investment News
Artificial Intelligence: AMD Takes On Rivals In The AI Chip Sweepstakes
Chipmaker AMD (NASDAQ: AMD) has unveiled a range of innovative AI solutions spanning from data centers to personal computers. The AMD Instinct MI300 Series features data center AI accelerators, while…
Digital Assets: Robinhood Debuts Crypto Trading On Its App In The EU
Robinhood (NASDAQ: HOOD) has launched its Crypto app in the European Union (EU), allowing eligible customers to engage in crypto trading with the added incentive of earning Bitcoin rewards. Customers…
FinTech: Samsung Electronics Ties With Mastercard’s Wallet Express
Samsung Electronics (KRX: 005930) and Mastercard (NYSE: MA) have partnered to launch the Wallet Express program, offering banks and card issuers a cost-effective way to expand digital wallet offerings. Through…
Venture Capital: Revaia, Europe’s Biggest Female-Led VC Firm, Racks Up $160M For Second Fund
Revaia, Europe’s largest female-founded venture capital firm, has successfully raised €150 million ($160 million) for its second fund, Revaia Growth II. The funding was secured from sovereign wealth funds, family…