Insurance Agency Hit By Ransomware Reportedly Paid $40 Million To Recover Files

The people familiar with the situation, who were not authorized to publicly speak on the matter, discussed the hack with Bloomberg. It is reported that the company paid hackers “about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network.” When asked specifically about the ransom payment, CNA declined to comment specifically on the funds. However, a spokesperson explained that “the company followed the law” and “consulted and shared intelligence about the attack and the hacker’s identity with the FBI and the Treasury Department’s Office of Foreign Assets Control.”
In the security incident update posted on May 12th, CNA reported that the company is fully restored and operating business as usual. This was possible because CNA determined that the Threat Actor specifically targeted no “CNA or policyholder data,” and that there was “no evidence to indicate that external customers were potentially at risk of infection due to the incident.” Hopefully, the next security incident will outline what the company plans to do going forward to prevent further attacks.

Though CNA believes that this was not a targeted attack, it is interesting to see security incidents such as this grow and, scarily, become more routine. In the past several months, we have seen ransomware attacks that have demanded large sums of money, such as with Apple supplier Quanta who was asked to pay a $50 million ransom. This trend of increasing ransoms can be corroborated by research and data put together by Palo Alto’s Unit 42. The security researchers found the average ransom paid increased from $115,123 in 2019 to $312,493 in 2020, a 171% year-over-year increase. Furthermore, attackers are becoming more brazen in their demands, as the highest ransom demand between 2015 and 2019 was $15 million, which then spiked to $30 million in 2020.

The problem with this trend is that while the ransom increases, the chance of having data unlocked, deleted, or returned remains the same. However, if an attacker does not hold up their end of the bargain, they are less likely to get money in the future. But that may not matter if they become a millionaire from just one attack.  Whatever the case may be, companies giving in to the ransom will only exacerbate the problem in the future as it signals that ransomware can work. Perhaps the White House can implement an interagency ransomware taskforce, as we reported on in April, to head off these sorts of attacks before they become more problematic. There also may be better solutions out there but let us know what you think of all this in the comments below.