Cyber insurance giant CNA hit by ransomware attack • Graham Cluley

Insurance firm CNA Hardy says that it has suffered a “sophisticated cybersecurity attack” that has impacted its operations, including its email system.

According to a statement posted on the firm’s website, CNA determined it had fallen foul of hackers on March 21:

“Out of an abundance of caution, we have disconnected our systems from our network, which continue to function. We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.”

“The security of our data and that of our insureds ’and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.”

CNA doesn’t go into details regarding the nature of the attack, but according to a report on Bleeping Computer, the insurer was hit by a new type of ransomware known as Phoenix CryptoLocker, possibly linked to Evil Corp.

Sign up to our newsletter
Security news, advice, and tips.

The ransomware reportedly encrypted data on over 15,000 devices on CNA’s corporate network, as well as the computers of remote-working employees who were logged into the firm’s VPN when the attack occurred.

Of course, one of the types of insurance that CNA sells is err… cyber insurance:

“We understand that no matter what industry your clients operate within, cybercrime poses one of their greatest risks. In fact, cybercrime is the world’s fastest growing criminal activity, estimated to cost businesses more than €340bn a year. Whilst money is the primary motivator for cyber criminals, other factors such as ideology, sympathy, anger and espionage are also significant drivers of cybercrime.”

“Through our NetProtect® product line we provide first – and third party cyber coverage to address a broad range of exposures including security breaches, mistakes and unauthorised employee acts, virus attacks, hacking, identity theft or private information loss, and infringing or disparaging content.”

Just last week I described how ransomware gangs were…