CNA, one of the largest US insurance companies, paid hackers $ 40 million to restore access to their networks after a ransomware attack.
On March 21 of this year, CNA fell victim to the ransomware Phoenix CryptoLocker, which encrypted 15,000 devices on its network. The insurer paid the ransom money to the extortionists two weeks after the attack, informed sources who wished to remain incognito told Bloomberg.
The CNA press service said the company is acting in accordance with the law. According to the spokesman, the insurer consulted with the FBI and the Office of Foreign Assets Control (OFAC) of the US Treasury Department and provided them with all the necessary data on the attack and hackers. Last October, the Treasury released a ransom payment guide for victims of ransomware and explained what to do if paying a ransom could violate sanctions.
“CNA does not comment on the ransom. CNA complies with all requirements of laws, decrees and guidelines, including OFAC’s 2020 ransomware guidelines, ”said spokeswoman Cara McCall.
CNA, including one that offers cyber risk insurance to its clients, said its internal investigation showed that cybercriminal group Phoenix is not subject to US government sanctions.
The announcement of CNA’s ransom payments to hackers is likely to anger lawmakers and regulators, already angry that American companies are paying large sums of money to cybercriminals who have attacked hospitals, drug manufacturers, police and other organizations critical to public safety over the past year. The FBI discourages organizations from paying the ransom as it encourages additional attacks and does not guarantee data returns.
Catch up on more articles here
Follow us on Twitter here