Insurance giant AXA has recently announced they have dropped ransomware attack coverage. It seems the cybercriminals didn’t like this news as AXA suffered a ransomware attack itself soon after this announcement. Around the same time, Avaddon also targeted another French firm Acer Finance.
AXA Insurance Suffered Ransomware Attack
According to Bleeping Computer, the French insurance firm AXA has suffered a ransomware attack.
AXA is a France-based multinational insurance firm having offices in many countries globally.
While AXA hasn’t officially disclosed the security incident, the news surfaced online after the Avaddon ransomware gang mentioned the firm’s name on their data leak website.
Reportedly, Avaddon has targeted the Asia-based office of AXA. Specifically, these include Thailand, Malaysia, Hong Kong, and the Philippines branches. The attackers managed to steal 3TB of unencrypted data having sensitive details from the firm’s network.
Regarding the breached information, the data includes customers’ claims, customers’ medical reports, payments, and bank accounts details. Whereas, it also includes the identification documents and other files related to the hospitals and doctors.
After the news surfaced online, AXA admitted the incident via a statement to Bleeping Computer.
Asia Assistance was recently the victim of a targeted ransomware attack which impacted its IT operations in Thailand, Malaysia, Hong Kong, and the Philippines. As a result, certain data processed by Inter Partners Assistance (IPA) in Thailand has been accessed. At present, there is no evidence that any further data was accessed beyond IPA in Thailand.
AXA has pledged to continue with the investigations and to inform the customers if it finds out any data leak.
For now, details about the when and how of the attack, and the ransom demand remain unclear.
Acer Finance Also A Victim
Besides AXA, another French firm, Acer Finance, has also fallen victim to Avaddon ransomware.
As Security Affairs reported, the attackers had given a 240 hours deadline to the victim firm to contact them. Otherwise, the attackers would leak the stolen data that includes sensitive documents.
The two firms disclosed the cyberattack shortly after the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) issued an alert about ongoing Avaddon ransomware attacks in the wild.
The advisory also highlighted the sectors (that include finance as well) and the countries at risk that included France.