CNA Financial

History

2021

Check Point Software: $40 million is a record ransom to hackers. The company was demanded $60 million

According to Check Point Software, a company specializing in information security technologies, the $40 million buyout that the CNA Financial insurance company  paid to hackers in 2021 was the largest in the history of ransomware attacks. This was reported by experts in early November 2021.

According to Bloomberg, the attackers initially demanded $60 million, and after lengthy negotiations they agreed to a reduced $20 million. According to IB experts, the Phoenix virus used to attack CNA Financial was created on the basis of the evil Hades. This virus was developed by the hacker group Evil Corp.

Registered the largest ever ransom to hackers

Check Point Software reported that in 2021, ransomware attacked every 61 organizations in the world every week, analysts continue. Attackers are aimed at companies that can afford to pay ransom - and in 2022 their attacks with ransomware will become only more sophisticated, experts say. Hackers will increasingly use penetration tools to set up real-time attacks, as well as work in victim networks.

Law enforcement agencies recommend that companies not pay hackers, because successful ransom attacks stimulate cybercriminals, who begin to demand increasingly substantial amounts for decrypting files. However, companies are often forced to pay hackers so as not to incur losses due to blocking their systems. 

Check Point Software analysts believe that data breaches are becoming larger  and more expensive. Leaks of valuable information will occur more frequently   and on a larger scale,  and organizations  and governments will spend much more on  reconstruction. Therefore, a ransom of $60 million, most likely, will not remain the maximum for a long time.^[1]

Payment of $40 million ransom after ransomware attack

At the end of May 2021, one of the largest insurance companies USA CNA Financial paid to hackers $40 million to regain control of its internal network. The ransom was demanded by hackers those who attacked the company with the help ransomware ciphering of data on the victim's computers.

According to Bloomberg, a payment of $40 million, $10 million more than the highest attempt by hackers to request a ransom of $30 million in 2020, was paid by an insurance company two weeks after the ransomware paralyzed CNA Financial systems. Initially, the company tried to restore the data on its own, but after a week of unsuccessful attempts, CNA Financial decided to negotiate with hackers.

CNA Financial paid $40 million ransom after ransomware virus attack

CNA Financial did not comment on what information was stolen, but noted that the registration, claim settlement and underwriting systems, which store most of the insurers' data, were not affected. Sources familiar with the situation at CNA Financial said that during the attack, employees could not access the company's network, hackers stole their confidential data.

During the attack on CNA Financial, attackers used malicious software Phoenix Locker. The results of the internal investigation showed that the hackers who carried out this attack are not subject to sanctions, so the company finally decided to pay the requested ransom.

CNA Financial spokeswoman Cara McCall noted that the company "followed all laws, regulations and published instructions" when working in a cyber attack, and also consulted with the FBI and the Office of Foreign Assets Control (OFAC). However, the FBI has repeatedly recommended that companies not pay hackers, since this does not guarantee the restoration of systems.^[2]

Notes