One of the US’s largest insurance companies reportedly paid $40 million to ransomware hackers
CNA Financial, based in Chicago, is one of the largest US insurance companies. Continental Casualty Company (CCC) was founded in 1897, and CNA is the seventh-largest commercial insurer in the United States as of 2018. CNA provides property and casualty insurance products and services for businesses and professionals in the U.S., Canada, Europe, and Asia.
CNA paid $40 million to free itself from a ransomware attack that occurred in March, according to a recent report from Bloomberg. The hackers reportedly demanded $60 million when negotiations started about a week after some of CNA’s systems were encrypted, and the insurance company paid the lower sum a week later.
CNA’s payout would rank as one of the highest ransomware payouts that we know about, though that’s not for lack of trying by hackers: both Apple and Acer had data that was compromised in separate $50 million ransomware demands earlier this year. It also seems like the hackers are looking for bigger payouts: just this week we saw reports that Colonial Pipeline paid a $4.4 million ransom to hackers. While that number isn’t as staggering as the demands made to CNA, it’s still much higher than the estimated average enterprise ransomware demand in 2020.
Law enforcement agencies recommend against paying ransoms, saying that payouts will encourage hackers to keep asking for higher and higher sums. For its part, CNA told Bloomberg that it wouldn’t comment on the ransom, but that it had “followed all laws, regulations, and published guidance to handle this matter.” In an update, CNA says that it believes its policyholders’ data were unaffected.
The ransomware that locked CNA’s systems was Phoenix Locker, a derivative of another piece of malware called Hades. Hades was allegedly created by a Russian group with the Mr. Robot-esque name Evil Corp.