One of the country’s biggest insurance companies revealed that it paid $40 million to convince ransomware hackers to stop their attack earlier this year in March. This is one of the highest ransomware payouts of all time that have been revealed to the public.
On the 20th of May, Bloomberg shared a report disclosing an incident that took place earlier this year in March. The incident involved one of the most popular insurance companies in the US who became the victim of a ransomware attack for which it paid a considerable sum of money. More precisely, the report revealed that CNA Financial, a Chicago-based financial corporation that is the 7th largest commercial insurance in the country as of 2018, was the victim of a ransomware attack back in March this year.
The attack led to the company’s all systems being encrypted, which, as for any other company, no matter the industry or size, would mean a significant disruption that could be fatal to the business. During the negotiations, the ransomware hackers demanded a $60 million ransom to give the company access back to its systems. Sources shared that the insurance company then paid the $40 million sum a week later to recover its systems back.
Cybersecurity specialists and law enforcement agencies recommend companies not pay ransoms to hackers because this will only encourage cybercriminals to keep asking for higher amounts of money. As for the insurance company, while it did not comment on the paid ransom to hackers, the company claimed that it had followed all the laws and published guidance while handling the attack and negotiation process.
Ransomware attacks on the rise during COVID-19 pandemic
CNA Financial isn’t the only well-known company that had to deal with a ransomware attack and ransom demands worth millions of dollars.
Earlier this year, Apple and Acer were victims of ransomware attacks that led to their data being compromised. Hackers requested each company to pay a $50 million ransom to stop the attack and not expose the stolen data.
In the case of Apple, the attack didn’t directly target the company but rather a key supplier to the company, the Taiwan-based Quanta Computer Inc. company. Techrobot has a more detailed article about the ransomware attack involving Apple’s supplier Quanta.
As for the ransomware attack involving Acer, it took place in March, and the ransomware gang signaled it by sharing some images of allegedly stolen files as proof. The pictures shared by hackers included documents that were holding financial spreadsheets, bank balances, and communications. However, Acer didn’t give a clear answer on whether or not the company was the victim of a REvil ransomware attack, but the company did claim that it has reported some recent abnormal events to the national crime agency who is responsible for working against cybercriminals. Acer was also asked by hackers to provide a sum of $50 million in exchange for them to stop the attack.
Now, it’s not just major companies like CNA Financial, Apple, and Acer that are targeted by ransomware hackers lately. Data shows that since the outbreak of the Coronavirus pandemic, the number of ransomware attacks increased by at least 150%, and the numbers are growing even faster this year.
One of the reasons why this type of cybersecurity risk is spiking these days is the fact that the pandemic made everyone, from companies to organizations and individuals, easy targets. More precisely, with the lockdown and social distancing restrictions spreading from one country to another, everybody moved online to continue their activities. While the average individual went online to work, study, purchase goods, and communicate with their loved ones, companies went online to continue doing business. Yet, the tricky part here is that companies needed to move into the digital overnight, which caused them to, wrongfully, place security last on the list of priorities. That’s when the pandemic became a very lucrative period for cybercriminals.
Data from Microsoft shows that ransomware hackers started attacks centered around the virus immediately once WHO declared the global health crisis at the beginning of 2020. What’s more, Microsoft also shared that from April to May 2020, ransomware attacks reached 20.000 to 30.000 daily in the US only.
Besides huge amounts of money paid to hackers by companies who fear that such major disruptions could cost them their business, these attacks can cost a lot more: human lives. In Germany, last year in September, a woman died from delayed treatment after ransomware hackers attacked the computers of a hospital in Dusseldorf. Due to the attack, the hospital staff had to turn away emergency patients, among which the woman was suffering from a life-threatening emergency.
How can companies protect themselves?
As companies of all sizes and from all industries are becoming popular targets to a form of malware attacks, they need to prioritize cybersecurity more than ever before.
Ransomware is a serious threat that can have tremendous consequences for companies, their customers, and pretty much everyone involved in a way or another.
Ransomware explained
Simply put, ransomware is a type of malware that encrypts the files of the victim. The victim is then asked to pay a ransom to regain access to their files. Typically, ransomware is a cybersecurity risk that targets companies, organizations, businesses of all sizes, and from all industries.
Ransomware hackers infiltrate into a company’s network or server, even individual laptops or computers, and then encrypt the files stored on the device or server. In the event the victim decides against paying the amount of money demanded by hackers as ransom, the victim could lose all the critical information and stolen data.
Ransomware attack prevention strategies
To protect themselves against a ransomware attack, companies must:
- Educate their employees on how to stop malware from infiltrating the company’s system or server.
- Use a strong security program.
- Have a data backup and recovery plan in place in the event the attack succeeds.
- Keep all business devices updated.
