EXECUTIVE SUMMARY:

Earlier this week, insurance provider CNA Financial confirmed a cyber attack on its systems. Out of an abundance of caution, the insurance carrier temporarily shut down its website. The attack used a newly devised version of the Phoenix CryptoLocker malware, a form of ransomware. The encryption payload reached over 15,000 company devices.

For this $10 billion behemoth, “the attack caused a network disruption and impacted certain CNA systems, including corporate email,” a company spokesperson stated. Since then, employees have relied on workaround systems in order to fulfill routine business duties.

CNA Financial intends to restore systems using backups. This method is preferable to paying ransomware extortion and restoration fees. In the interim, customers can review the directions on the company’s (now restored) website in order to get in touch, if needed.

Data privacy for CNA Financial policy holders

The cyber criminals behind the ransomware attack may have stolen CNA Financial’s digital rolodex of customer data. As a result, the attackers may launch a fresh wave of attacks on CNA’s clients. Targeting an insurance company’s client list ensures that hackers will receive payment in future ransomware schemes. It is the job of a company that provides cyber insurance to financially bail out its clients in the wake of an unexpected cyber threat.

In leveraging CNA Financial’s client list, attackers of course don’t necessarily have to launch ransomware attacks. Phishing or spear phishing attacks represent other options. If the hackers have obtained detailed information about clients/potential targets, spear phishing emails can easily poach passwords or help hackers break into more networks in order to obtain more client lists.

The full scope of the event, and consequently its exact implications, have yet to be determined. Cyber forensics investigators and legal authorities are working to quickly uncover more information.

Who’s behind the CNA Financial attack?

The perpetrators responsible for the attack allegedly hail from the Evil Corp group. Maksim V. Yakubets, who’s known by the nickname “aqua”, uses his stolen millions to live a luxurious lifestyle. Evil Corp is responsible for last year’s deployment of WastedLocker ransomware in relation to at least one high-profile breach.

For more information on the CNA Financial breach, visit SC Magazine.

(Image: CNA Financial, Chicago. Courtesy of SC Magazine)