Security News > 2021 > May > Insurance giant CNA fully restores systems after ransomware attack
Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that disrupted its online services and business operations during late March.
CNA provides a wide range of insurance products, including cyber insurance policies, and is the sixth-largest commercial insurance company in the US according to stats provided by the Insurance Information Institute.
Sources familiar with the ransomware attack told BleepingComputer that the attackers encrypted more than 15,000 devices after deploying ransomware payloads on CNA's network on March 21.
"On March 21, 2021, as previously shared, we detected the ransomware and took immediate action by proactively disconnecting our systems from our network to contain the threat and prevent additional systems from being affected," CNA said in an update published on Wednesday.
"We do not believe that the Systems of Record, claims systems, or underwriting systems, where the majority of policyholder data-including policy terms and coverage limits-is stored, were impacted," CNA added.
Using double-extortion as a tactic has become commonplace for most active ransomware operations, with victims regularly alerting their customers or employees of possible data breaches following ransomware attacks.
News URL
Related news
- UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack (source)
- McLaren hospitals disruption linked to INC ransomware attack (source)
- Six ransomware gangs behind over 50% of 2024 attacks (source)
- CISA warns of Jenkins RCE bug exploited in ransomware attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds (source)
- Most ransomware attacks occur between 1 a.m. and 5 a.m. (source)
- New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (source)
- Lateral movement: Clearest sign of unfolding ransomware attack (source)
- BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (source)