The victim, in this case, was CNA Financials, one of the US’s largest insurance companies. After hackers blocked access to the network and stole data, CNA Financials reportedly paid $40 million to the hackers to regain control. This could be one of the largest ransomware payments to date. Coming just a few weeks after the Colonial Pipeline attack, it shows the increasing cost of ransomware attacks.
Digging Deeper into the CNA Financials Ransomware Attack
CNA Financials announced the hack in March. It called the ransomware attack a “sophisticated cybersecurity attack” and confirmed that it had compromised several CNA systems. While the company called for help from outside experts and law enforcement, they ultimately negotiated with the hackers.
The hackers reportedly demanded $60 million. However, CNA engaged in negotiations, and the hackers settled for $40 million.
The company claimed that record systems, claims, and underwriting systems were not affected by the attack. A spokesperson for the company refused to comment on the ransomware payment. The group behind the attack was supposedly “Phoenix,” which used the Phoenix Locker software, a “Hades” spinoff.
While the spokesperson maintained that the systems holding most of the policyholder data were unaffected, the hefty ransom is certainly causing concern. The FBI warns against paying ransom in such attacks. It maintains that ransom payments give attackers and cybercrime groups more incentive to carry out further attacks of the same kind.
Implications of the Ransom Payment
The $40 million paid by CNA Financials is one of the largest ransoms for a cyberattack. This is undoubtedly an incentive for hackers. It gives them the confidence required to carry out such attacks.
In general, it has been observed that the average cost of these attacks has risen rapidly over the past years. The number of organizations choosing to pay ransom has increased from 26% in 2020 to 32% in 2021. However, only 8% of these organizations get their data back. While it is easy to warn against paying a ransom, it is hard to practice when data is at risk.
This also implies that companies have to spend more resources securing data and mitigating risks before an attack occurs. This might be the only way to prevent or at least reduce such attacks. In this age where data is the ultimate driving force for most companies, such large ransoms are sure to attract more attackers to try their luck.
The only sure way to stay protected is by staying one step ahead and keeping track of and managing vulnerabilities. The rise in attacks and the steep increase in ransom demands signify that companies and governments need to implement policies that protect data.