Data Breach Follows Phoenix Cryptolocker Ransomware Attack
Insurance provider CNA Financial has reported a data breach. Compromised data includes sensitive customer information accessed during a ransomware attack.
CNA Financial (CNA NYSE) discovered the data breach on March 21st, 2021. The insurance provider hired a third-party cyber security firm to respond to and mitigate the attack. It was discovered that the attackers had access to CNA computer systems for sixteen days in March.
The cybercriminals exfiltrated information from CNA servers; after that, they successfully deployed Phoenix Cryptolocker ransomware.
“The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021, to March 21, 2021,” CNA says in a data breach notification letter obtained by Sergiu Gatlan.
The Evil Corp ransomware gang is known for using Phoenix Cryptolocker. The ransomware uses its signature ‘the.phoenix’ extension on encrypted files.
Evil Corp is known for its WastedLocker ransomware attack on GPS-enabled tech provider Garmin last year. They are also infamous for their attacks using the Dridex banking trojan to steal banking credentials.
Breached data includes:
- Customers’ personal information
- Social Security numbers
Did CNA pay ransomware?
Yes. CNA paid the hackers responsible for the Phoenix Cryptolocker Ransomware Attack $40 million USD to decrypt their systems. It is the third-largest ransom ever paid.
CNA paid the ransom two weeks after the attackers successfully hijacked over 15,000 machines on CNA’s company network. Computers of employees working remotely were also disrupted, according to eHackingnews.
Is CNA an insurance company?
CNA Financial Corporation is based in Chicago, Illinois. The company is the seventh-largest commercial insurer in the United States. They serve customers in the USA, Canada, Europe, and Asia.
CNA Financial has reported the incident to the U.S. Federal Bureau of Investigation.
CNA Financial Data Breach – What to Do Next?
If you are a CNA Financial customer impacted by the data breach, you will receive a notification via U.S. Postal mail. CNA is providing identity theft protection to customers for two years.
Customers of CNA Financial should be wary of future email phishing attacks. Hackers use compromised data to develop and launch future cyberattacks. These may come in the form of fake news updates, security patches, password reset requests, or other forms.
- Always use a unique password for each of your online accounts. If you cannot remember a new password for every account you own (the average Internet user has over 200 online accounts), then use a password manager to help create and store unique and hard-to-guess passwords.
- Use a quality antivirus app to detect and stop phishing emails and malicious websites. A subscription antivirus app is updated with the latest malware attack information. Get one installed on every phone and computer.
- Never click on a link in an email or download an attachment from someone you don’t know or in an email you were not expecting. Attackers are capable of spoofing email sender names to make the emails look like they come from someone that you know.
- When in doubt about an email or website, pick up the phone and call or text to find out if it’s real.