In March of this year, CNA Financial Corp., among the largest insurance companies in the U.S., paid $40 million to regain control of its network after a ransomware attack. The Chicago-based company reportedly paid hackers two weeks after a large amount of company data was stolen. CNA officials were also locked out of their own network, according to individuals familiar with the attack, neither of whom was authorized to discuss the matter publicly.
CNA did release a formal statement stating the company consulted and shared intelligence with the FBI and the Treasury Department’s Office of Foreign Assets Control about the attack and the hacker’s identity. The Treasury Department’s said last year facilitating ransom payments to hackers could pose sanctions risks.
Ransom Payment Trend
As Companies rarely disclose ransomware attacks or payments it is difficult to know actual past payments. According to Palo Alto Networks, the average payment in 2020 was $312,493, a 171% increase over the prior year. The $40 million payment by CNA is bigger than any previously disclosed payments to hackers, according to three people familiar with ransomware negotiations.
Ransomware demands have increased exponentially in the last six months, according to Melissa Hathaway, president of Hathaway Global Strategies and a former cybersecurity adviser to Presidents George W. Bush and Barack Obama.
The average ransom demand is now between $50 million and $70 million, Hathaway said. While those demands are often negotiated down, she stated that companies are frequently paying ransoms in the tens of millions of dollars, in part because cyber insurance policies cover some of the cost.
A taskforce of security experts and law enforcement agencies estimated that victims paid about $350 million in ransom last year, a 311% increase over 2019. The task force recommended 48 actions the Biden administration and private sector could take to mitigate such attacks, including better regulation of the digital currency market used to make ransom payments.
The task-force report, prepared by the Institute for Security and Technology, was delivered to the White House days before Colonial Pipeline Co. was compromised in a ransomware attack. Bloomberg reported that Colonial paid the hackers nearly $5 million shortly after the attack.
What Is Ransomware?
Ransomware is a type of malware encrypting a victim’s data demanding a payment to unlock access to the data. Cybercriminals also use ransomware to steal too. The hackers then ask for a payment to unlock the files and promise not to leak stolen data. In recent years, hackers have been targeting victims with cyber insurance policies and huge volumes of sensitive consumer data that make them more likely to pay a ransom, according to cybersecurity experts.
The CNA hackers used malware called Phoenix Locker, a variant of ransomware dubbed ‘Hades.’ Hades was created by a Russian cybercrime syndicate known as Evil Corp., according to cybersecurity experts. Evil Corp. was sanctioned by the U.S. in 2019. Unfortunately, it is difficult to pinpoint blame as hacking groups share code or sell malware to one another.
Phoenix Locker appears to be a variant of Hades based on overlap of the code used in each, according to Barry Hensley, chief threat intelligence officer of cybersecurity firm Secureworks Corp. “We have a high degree of confidence this is a Hades variant,” Hensley said. He said they have not determined which hackers used the Hades variant to attack CNA.
Hades was created by Evil Corp. to bypass U.S. sanctions placed on the hacking group, according to research published in March by the cybersecurity firm CrowdStrike Holdings Inc.
CNA, which offers cyber insurance, said its investigation concluded that the hackers were a group called Phoenix not yet subject to U.S. sanctions.
The average ransom demand is now between $50 million and $70 million, subject to negotiation. Companies are frequently paying ransoms in the tens of millions of dollars, in part because cyber insurance policies cover some or all of the cost.
Aspen Insurance Agency is in Denver, CO, and services clients nationwide. We are a family run business working with multiple insurance carriers to offer our customers the coverage they need at the lowest possible cost. We offer a wide range of personal, commercial, and professional insurance to residential and commercial customers enabling the cheapest rates available. Call to speak to one of our insurance professionals and see how painless insurance shopping can be.