Home Cyber Attack Insurance Giant CNA Went Offline Following A Ransomware Attack
Cyber AttackHacking NewsNews

Insurance Giant CNA Went Offline Following A Ransomware Attack

by Abeerah Hashim
written by Abeerah Hashim
CNA data breach

The latest victim of a ransomware attack is the American insurance giant CNA Financial. The firm fell prey to novel ransomware, which compelled them to go offline following the incident.

CNA Insurance Hit By Ransomware Attack

Reportedly, CNA Financials has recently suffered a devastating cyber attack. CNA is the seventh-largest commercial insurance firm in the US with a huge customer base.

The news surfaced online after the firm pulled its website offline while replacing the entire content with a single notice.

CNA cyber attack alert

CNA website’s security notice (Image: LHN)

As the company revealed, CNA suffered a ‘sophisticated cyber attack’ on March 21, 2021. The incident not only disrupted the firm’s network but also affected the corporate email and other systems.

Following the incident, CNA took its systems offline, including the unaffected ones, out of caution. Whereas, they also involved cybersecurity experts and law enforcement to investigate the matter.

Although, CNA hasn’t specifically explained the kind of cyber attack it suffered. However, Bleeping Computer has confirmed that CNA suffered a ransomware attack.

Phoenix Cryptolocker Ransomware Suspected

According to Bleeping Computer, CNA has fallen prey to the Phoenix Cryptolocker ransomware. The threat actors succeeded in encrypting over 15,000 devices on the company’s network. The affected systems also included the ones belonging to remote working staff who were connected to the firm’s VPN.

As for the threat actors, the malware supposedly belongs to the Evil Corp gang who also operated the WastedLocker ransomware.

The same group also operates the Hades ransomware after facing sanctions by the US government, according to Crowdstrike analysis. Hades is also actively targeting different firms, including the Forward Air freight company.

Regarding the connection between Phoenix and Evil Corp, CNA provided the following statement to Bleeping Computer.

The threat actor group, Phoenix, responsible for this attack, is not a sanctioned entity and no U.S. government agency has confirmed a relationship between the group that attacked CNA and any sanctioned entity. We have notified the FBI of this incident and are actively cooperating with them as they conduct their investigation of the incident.

While CNA may consider restoring their data from the backups, no concrete information is yet available in this regard.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses