CNA Insurance Firm Paid $40m in Ransom
- By Dawna M. Roberts
- Published: Jun 10, 2021
- Last Updated: Mar 18, 2022
U.S. insurance giant CNA Financial recently paid hackers $40 million to release their systems from ransomware. The cyberattack occurred in late March.
What Happened?
Bloomberg first reported on the story, and then the New York Post picked it up. CNA suffered a massive cyberattack that locked them out of their systems for two weeks before they finally decided to pay the ransom to get their data back.
No one at CNA commented on the attack. However, they did share details about the incident with the FBI and Treasury Department’s Office of Foreign Assets Control despite warnings that companies who pay ransom could face government sanctions for doing so.
The New York Post said:
‘“CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter,” the spokeswoman, Cara McCall, told Bloomberg.’
Experts note that $40 million was the largest ransom paid to date. The insurance conglomerate believes that a hacker group called Phoenix is responsible for the issue. CNA offers cybersecurity insurance to its clients, which is probably why it was a victim. Hacker gangs often target those with deep pockets. In this case, instead of targeting a CNA customer, they went straight to the source.
What Does the FBI Say?
The FBI has a protocol of advising victims not to pay. However, companies like Colonial Pipeline and CNA felt compelled to take action to release their systems and get their businesses back online. The impact of the Colonial Pipeline attack was felt up and down the entire East Coast, with fuel shortages and skyrocketing prices. In the end, Colonial paid the DarkSide hacker gang a $4.4 million ransom to restore their systems.
According to the New York Post, “The FBI says that paying ransom creates incentives for more attacks and supports criminal gangs.”
Ransomware attacks have become a massive problem for companies and government agencies, but they are a highly profitable way of life for hackers. Studies show that ransomware payments have gone up by 311% since last year, for a total of $350 million!
What Can Companies Do to Stay Safe?
Recently the U.S. formed a cybersecurity task force designed to respond to the growing problem of ransomware in this country. The group created an 81-page report outlining some guidelines for the public and private sector as well as suggestions for government agencies. The report, prepared by the Institute for Security and Technology, was provided to the Biden administration a few days before Colonial Pipeline was hit.
Some of the highlights of this report are:
- Coordinating information between various international and local law enforcement agencies to deal with attacks swiftly.
- Require careful consideration before paying any ransom.
- An aggressive stance against ransomware by the U.S.
- Ransomware relief funds.
- Laws governing cryptocurrency.
Some things companies can do to secure their systems against ransomware are:
- Hire forensic experts to audit their systems and implement upgrades.
- Install 24/7 network monitoring software.
- Force best practices in all areas of IT, especially user passwords and device management.
- Implement a zero-trust policy.
- Use long, strong passwords and force password resets routinely.
- Install antivirus/anti-malware software on all devices.
- Train employees on phishing and social engineering tactics.
- Never click links in email or download attachments.
- Turn off installing software except from trusted sources.
- Consult the task force report and follow the guidelines on how to better secure network systems and personnel.
- Update firmware, software, and all apps regularly with the latest security patches.
- Stay on top of emerging threats and ways to combat them.