One of the biggest US insurance companies reportedly paid hackers R558 million ransom after a cyberattack
- CNA Financial reportedly paid hackers R558 million ($40 million) in March following a ransomware attack, Bloomberg reported.
- The report comes weeks after Colonial Pipeline paid its ransomware hackers R61.4 million ($4.4 million).
- Ransom costs from ransomware attacks have been increasing.
CNA Financial, one of the largest insurance companies in the US, reportedly paid hackers R558 million ($40 million) after a ransomware attack blocked access to the company's network and stole its data, according to a report from Bloomberg's Kartikay Mehrotra and William Turton.
CNA first announced the hack in late March, stating that it had seen a "sophisticated cybersecurity attack" on March 21 that had "impacted certain CNA systems." To address the incident, the company called in outside experts and law enforcement, both of which launched an investigation into the attack.
But behind closed doors, about a week following the ransomware attack, CNA began negotiating with the hackers, Bloomberg reported.
The hackers initially demanded R837 million ($60 million) in ransom. But following negotiations, CNA paid them R558 million ($40 million) in late March, which could be one of the largest ransomware hacker payments yet.
Bloomberg's report on CNA Financial's ransom payment comes just weeks after Colonial Pipeline - the US' biggest refined products pipeline - paid hackers R61.4 million ($4.4 million) following its own cyberattack, which had caused gas shortages across the East Coast.
Colonial Pipeline's payout may be notably lower than CNA Financial's, but the cost of ransomware attacks has been increasing. The average ransomware payment increased 171% from R1.6 million ($115,123) in 2019 to R4.3 million ($312,493) in 2020, according to a report from cybersecurity firm Palo Alto Networks. And earlier this year, both Quanta, an Apple supplier, and Acer were targeted by ransomware group REvil, which demanded R697 million ($50 million) from both companies.
However, the FBI advises against paying a ransom, and says doing so could instead encourage more hacks.
A CNA spokesperson told Insider that the company isn't commenting on the ransom, but that it had "followed all laws, regulations, and published guidance, including OFAC's 2020 ransomware guidance, in its handling of this matter."
The spokesperson also noted that a group called "Phoenix" was behind the attack. The ransomware used on CNA is known as Phoenix Locker, a spin-off of another malware "Hades" created by Russian hacking organization Evil Corp, Bloomberg reported.
The US Treasury Department last sanctioned Evil Corp in 2019 following the group's distribution of another malware. This sanction barred Americans from paying an Evil Corp ransom. However, the CNA spokesperson noted that Phoenix "isn't on any prohibited party list and is not a sanctioned entity."