CNA Financial Corp Attacked by Ransomware Last March Paid $40 Million to Gain Access to Network

CNA Financial Corp. paid $40 million to hackers to regain access to its network last March, one more incident of increased intrusions into the US network that has yet to be addressed. (Photo: Gerd Altmann/Pixabay)

Another cyberattack, another US company. In March, CNA Financial Corp., one of the most prominent insurance companies, was locked out of its network and had to pay $40 million to regain access, Bloomberg reported.

According to two persons affiliated with the Chicago-based insurance firm who requested anonymity because they were not authorized to openly discuss the matter, sensitive data were stolen, and ransom was paid after two weeks.

CNA Financial hacked by ransomware with unidentified players

The source mentioned that the firm did not break the law and that it investigated the attack and the hacker's identity with the Federal Bureau of Investigation (FBI). The Treasury Department's Office of Foreign Assets Control (OFAC) warned that facilitating ransom payments to hackers could jeopardize sanctions compliance, according to an OFAC advisory.

Spokeswoman Cara McCall said the firm would not comment on the ransom. Still, she mentioned that all US laws and regulations, along with OFAC's 2020 advice on ransomware, were addressed in dealing with the attack, the Washington Examiner reported via MSN.

When the cyberattack happened, the company ignored the hackers who were holding its information for ransom and pursued other options to retrieve the data. But a week into the hack, it decided to negotiate with the criminals, who demanded $60 million, and the two sides reached a settlement after talks began, said those concerned.

CNA reported in a security incident update released last May 12 that it "does not expect the bulk of policyholder data with policy terms and coverage limits are affected" in its systems of record, claims processes, or underwriting systems.

Ransomware attacks, and ransom transactions in particular, are rarely disclosed, so it is difficult to determine the largest ransoms. According to Palo Alto Networks, the total payment made in 2020 was $312,493, up 171 percent from the year before. According to three people familiar with ransomware deals, the $40 million amount is larger than any disclosed payment to hackers.

CNA, which provides cyber insurance, blamed hackers called Phoenix, which is not subject to US sanctions.

The malware used in the hack was Phoenix Locker, a variant derived from Hades. Cybersecurity experts state that Hades was developed by Evil Corp., a Russian cybercrime syndicate. In 2019, the United States of America sanctioned Evil Corp. However, because hacking groups can share code and sell malware to one another, identifying incidents can be challenging.

The payment's announcement is sure to infuriate legislators and regulators already frustrated that American firms are paying significant sums to cyber attackers that have targeted hospitals, drug companies, police forces, and other critical public-safety agencies during the last year.

The FBI disapproves of firms paying ransom in any ransomware attack, as there is no assurance that the perpetrators will return the data.

According to security analysts, the CNA Financial Corp. has been exploiting victims with cyber insurance coverage and large volumes of sensitive consumer data in recent years, making it more likely to pay the ransom.
