High profile attacks on insurers
DIGITAL ECOSYSTEMS
A ransomware attack on a U.S. insurance company yielded one of the largest-ever reported ransom payments and one of the most salient examples of inflation in cyber ransom demands. CNA Financial, which provides cyber and other types of insurance, reportedly paid a ransom of US$40 million to Phoenix CryptoLocker ransomware operators in March 2021. The attackers gained initial access to an employee workstation via a malicious browser update on a compromised legitimate website. The attackers moved laterally within the environment until they gained access to credentials with privileges elevated enough to deploy their ransomware payload. The attackers even encrypted files on the machines of remote employees connected to CNA infrastructure via VPN. CNA initially claimed that the attack did not expose its insurance policy details, such as coverage limits. CNA later disclosed that the attackers compromised some personal data, such as Social Security numbers and (in some cases) health insurance details for approximately 75,000 individuals, most of whom were current or former employees or contractors or their family members. Ironically, CNA later disclosed that its own cyber insurance coverage would not cover all of its financial losses from this incident.
The data disclosure layer of ransomware attacks came to the forefront of a June-September 2020 RagnarLocker ransomware attack on US insurance broker Arthur J. Gallagher (AJG). The duration of the incident suggests that spending time collecting data from the compromised network before deploying ransomware on it was equally or more important to the attackers. Compromised PII data sets included: Social Security and tax identification numbers; identity document numbers; dates of birth; usernames and passwords; bank account and payment card numbers; medical and biometric details; and electronic signatures. Some affected individuals filed a lawsuit against AJG for allegedly failing to protect their PII and to notify them of its compromise in a timely manner, claiming that they had suffered identity theft as a result.
March 2022