Hackers stole valuable data and locked CNA Financial Corp out of its network.

A Bloomberg report revealed today that CAN Financial Corp (NYSE: CAN), one of the largest insurers in the U.S., was forced to pay up $40 million in cyber ransom after criminals mounted a ransomware attack. The company initially rejected the $60 million ransom demand but caved in a couple of weeks later, settling for $40 million.

The FBI frowns upon ransomware payments, saying they encourage further attacks and that there was no guarantee the bad actors would release the victim’s system after payment. However, CNA spokeswoman Cara McCall said: “CNA is not commenting on the ransom. CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.”

The CNA ransomware

CNA’s investigation found that the hackers were a group called ‘Phoenix’. They used ransomware titled Phoenix Locker, itself a variant of another malware known as ‘Hades.’

A group of Russian cybercriminals dubbed Evil Corp. is said to have created Hades. The U.S. sanctioned 17 individuals and six entities linked to Evil Corp. in December 2019.

Cyberattacks via ransomware have surged sharply in recent times. According to a report “Combating Ransomware” issued by the Institute for Security & Technology (IST), victims paid about $350 million in ransom last year, a 311% increase over 2019.

The gravity of the matter

According to IST ransomware attacks are on the rise because:

• Ransomware criminals operate with near-impunity, based out of jurisdictions that are unable or unwilling to bring them to justice.
• Financial systems such as cryptocurrencies enable attackers to receive funds without being traced.
• The barriers to entry into this highly profitable but criminal activity have become shockingly low.
• The “ransomware as a service” (RaaS) model, allows criminals without technical sophistication to conduct ransomware attacks.
• At the same time, technically knowledgeable criminals are conducting increasingly sophisticated attacks.

Is cyber insurance encouraging ransomware attacks?

Though companies are presumably loath to pay up, and the FBI forbids it, cyber insurance makes it easier to comply with the financial demands of the attackers because the ransom would be covered under the insurance policy.

Besides, all organizations prefer to get their systems up and running at the earliest.

The ransomware gangs know this psychology and probably are homing onto the cyber insured as easy-to-pick prey.

It is significant that victim CNA itself offers cyber insurance, and according to Bloomberg, the cyber culprits made off with “a trove of company data.”

If the stolen data includes customers who have taken out cyber insurance from CNA, they could be under threat.

Further, if these businesses are attacked and forced to pay ransoms, CNA may be on the hook for a lot more than the $40 million it paid the Phoenix gang.

Related Story:   Colonial Pipeline Shut Down By Ransomware Attack