Security News > 2021 > May > Insurance giant CNA fully restores systems after ransomware attack
Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that disrupted its online services and business operations during late March.
CNA provides a wide range of insurance products, including cyber insurance policies, and is the sixth-largest commercial insurance company in the US according to stats provided by the Insurance Information Institute.
Sources familiar with the ransomware attack told BleepingComputer that the attackers encrypted more than 15,000 devices after deploying ransomware payloads on CNA's network on March 21.
"On March 21, 2021, as previously shared, we detected the ransomware and took immediate action by proactively disconnecting our systems from our network to contain the threat and prevent additional systems from being affected," CNA said in an update published on Wednesday.
"We do not believe that the Systems of Record, claims systems, or underwriting systems, where the majority of policyholder data-including policy terms and coverage limits-is stored, were impacted," CNA added.
Using double-extortion as a tactic has become commonplace for most active ransomware operations, with victims regularly alerting their customers or employees of possible data breaches following ransomware attacks.
News URL
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)