American insurance giant CNA reportedly pays $40m to ransomware crooks
CNA Financial, the US insurance conglomerate, has apparently paid $40m to ransomware operators to get its files back.
All CNA systems are now back up and running, though it appears that the company didn't manage this itself and instead coughed up a widely reported $40m to the extortionists for the means to decrypt the scrambled files.
"CNA is not commenting on the ransom, but the company did consult and share intelligence with the FBI and OFAC regarding the cyber incident and the threat actor's identity," a spokesperson told The Register.
"CNA followed all laws, regulations, and published guidance, including OFAC's 2020 ransomware guidance, in its handling of this matter. Due diligence efforts concluded that the threat actor responsible for the attack is a group called Phoenix. Phoenix is not on any prohibited party list and is not a sanctioned entity."
In other words: CNA wouldn't be forbidden from doing a deal with the Phoenix crew, jus' sayin'.
Luckily for CNA and its customers, an analysis of the ransomware code suggests it doesn't steal data for later ransom, but instead simply locks it.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/05/22/in_brief_security/