• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • The 2023 Travel Hacker Bundle ft. Rosetta Stone Lifetime Subscription for $199

    The 2023 Travel Hacker Bundle ft. Rosetta Stone Lifetime Subscription for $199
  • Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106

    Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106
  • S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579

    S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579
  • eufy Baby Monitor 2 (2K, Smart, Wi-Fi) for $119

    eufy Baby Monitor 2 (2K, Smart, Wi-Fi) for $119
  • eufy SpaceView Add-On Video Baby Monitor for $99

    eufy SpaceView Add-On Video Baby Monitor for $99
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

Insurance Firm CNA Financial Reportedly Paid Hackers $40 Million in Ransom

May 21, 2021 by iHash Leave a Comment

U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one the most expensive ransoms paid to date.

The development was first reported by Bloomberg, citing “people with knowledge of the attack.” The adversary that staged the intrusion is said to have allegedly demanded $60 million a week after the Chicago-based company began negotiations with the hackers, culminating in the payment two weeks following the theft of company data.

In a statement shared on May 12, CNA Financial said it had “no evidence to indicate that external customers were potentially at risk of infection due to the incident.”

password auditor

The attack has been attributed to new ransomware known as ‘Phoenix CryptoLocker,’ according to a March report from Bleeping Computer, with the strain believed to be an offshoot of WastedLocker and Hades, both of which have been utilized by Evil Corp, a Russian cybercrime network notorious for launching ransomware attacks against several U.S. entities, including Garmin, and deploying JabberZeus, Bugat and Dridex to siphon banking credentials.

In December 2019, U.S. authorities sanctioned the hacking group and filed charges against Evil Corp’s alleged leaders Maksim Yakubets and Igor Turashev for developing and distributing the Dridex banking Trojan to plunder more than $100 million over a period of 10 years. Law enforcement agencies also announced a reward of up to $5 million for providing information that could lead to their arrest. Both the individuals remain at large.

The development comes amid a sharp uptick in ransomware incidents, in part fueled by the pandemic, with the average ransom payment witnessing a massive 171% increase year-over-year from $115,123 in 2019 to $312,493 in 2020. Last year also saw the highest ransomware demand growing to $30 million, not to mention the total amount paid by victims skyrocketing to $406 million, based on conservative estimates.

CNA Financial’s $40 million ransom only shows that 2021 continues to be a great year for ransomware, potentially emboldening cybercriminal gangs to seek bigger payouts and advance their illicit aims.

According to an analysis by ransomware recovery firm Coveware, the average demand for a digital extortion payment shot up in the first quarter of 2021 to $220,298, up 43% from Q4 2020, out of which 77% of the attacks involved the threat to leak exfiltrated data, an increasingly prevalent tactic known as double extortion.

While the U.S. government has routinely advised against paying ransoms, the high stakes associated with data exposure have left victims with little choice but to settle with their attackers. In October 2020, the Treasury Department issued a guidance warning of penalties against companies making ransom payments to a sanctioned person or group, prompting ransomware negotiation firms to avoid cutting a deal with blocked groups such as Evil Corp to evade legal action.

“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating [Office of Foreign Assets Control] regulations,” the department said.

The surge in ransomware attacks has also had an impact on the cyber insurance industry, what with AXA announcing earlier this month that it will stop reimbursing clients in France should they opt to make any extortion payments to ransomware cartels, underscoring the dilemma that “insurance firms grapple with successfully underwriting ransomware policies while confronted with rising payout costs that threaten profitability.”

To defend against ransomware attacks, it’s recommended to secure all modes of initial access exploited by threat actors to infiltrate networks, maintain periodic data backups, and keep an appropriate recovery process in place.

“Organizations should maintain user awareness and training for email security as well as consider ways to identify and remediate malicious email as soon as it enters an employee’s mailbox,” Palo Alto Networks’ Unit 42 researchers said.

“Organizations should also ensure they conduct proper patch management and review which services may be exposed to the internet. Remote desktop services should be correctly configured and secured, using the principle of least privilege wherever possible, with a policy in place to detect patterns associated with brute-force attacks.”

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: CNA, computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, financial, Firm, hacker news, Hackers, hacking news, how to hack, information security, Insurance, Million, network security, paid, ransom, ransomware malware, Reportedly, software vulnerability, the hacker news

Special Offers

  • The 2023 Travel Hacker Bundle ft. Rosetta Stone Lifetime Subscription for $199

    The 2023 Travel Hacker Bundle ft. Rosetta Stone Lifetime Subscription for $199
  • Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106

    Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106
  • S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579

    S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579
  • eufy Baby Monitor 2 (2K, Smart, Wi-Fi) for $119

    eufy Baby Monitor 2 (2K, Smart, Wi-Fi) for $119
  • eufy SpaceView Add-On Video Baby Monitor for $99

    eufy SpaceView Add-On Video Baby Monitor for $99

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

@insideBIGDATApodcast: ChatGPT – The Human AI Partnership

Jan 29, 2023 By iHash

Gootkit Malware Continues to Evolve with New Components and Obfuscations

Jan 29, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video Vulnerabilities web applications

Latest

The 2023 Travel Hacker Bundle ft. Rosetta Stone Lifetime Subscription for $199

Expires January 30, 2024 23:59 PST Buy now and get 94% off Rosetta Stone: Lifetime Subscription (All Languages) KEY FEATURES The benefits of learning to speak a second language (or third) are immeasurable! With its intuitive, immersive training method, Rosetta Stone will have you reading, writing, and speaking new languages like a natural in no […]

Apple iPad Air 2, 16GB – Silver (Refurbished: Wi-Fi Only) for $106

Expires July 11, 2120 23:59 PST Buy now and get 40% off KEY FEATURES The iPad Air 2 boasts 40% faster CPU performance and 2.5 times the graphics performance when compared to its predecessor. Its 9.7″ LED-backlit Retina IPS LCD with a resolution of 2048×1536 provides richer colors, greater contrast, and sharper images for a […]

S300 eufyCam (eufyCam 3C) 3-Cam Kit for $579

Expires January 03, 2123 19:28 PST Buy now and get 0% off KEY FEATURES See 4K Detail Day and Night 180-Day Battery Life Up to 16 TB Expandable Local Storage (Additional Storage Drive Not Included) BionicMind AI Differentiates Family and Strangers HomeBase 3 Centralize Security Management PRODUCT SPECS Resolution 4K (3840×2160)° Night Vision Infrared & […]

eufy SpaceView Add-On Video Baby Monitor for $99

Expires January 28, 2123 06:33 PST Buy now and get 0% off Sweet Dreams on the Big Screen: The large 5″ 720p video baby monitor display shows a sharp picture with 10 times more detail than ordinary 240p-display baby monitors. Long-Lasting Views: Watch your baby for up to 15 hours per chargeplenty of time to […]

ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

Jan 28, 2023Ravie LakshmananServer Security / DNS The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. “A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and […]

eufy Solo IndoorCam C24 (2K, 2-Cam Kit, Plug-in) for $75

Expires January 04, 2123 21:34 PST Buy now and get 0% off KEY FEATURES Knows Whos There: The on-device AI instantly determines whether a human or pet is present within the cameras view. The Key is in the Detail: View every event in up to 2K clarity (1080P while using HomeKit) so you see exactly […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT