US insurer CNA is reported to have paid a $40 million ransom last March as the company attempted to regain control over its network and meet the demands of a highly organised cybercrime syndicate.
The hackers had succeeded in infecting CNA’s network with ransomware, a type of malware that encrypts a victim’s data so that demands can be made.
A recent security incident update insists the majority of policyholder data was unaffected by the breach; however, it is believed CNA officials were left locked out of their own network and that the situation was severe enough to warrant the ransom being paid two weeks later.
According to two anonymous individuals familiar with the attack, CNA initially ignored the hackers’ demands and instead pursued options to recover their files without engaging with the criminals.
In a statement, a CNA spokesperson described the company as having followed the law, consulting and sharing intelligence about the attack and the hackers’ identity with the FBI and the Treasury Department’s Office of Foreign Assets Control, which said last year that facilitating ransom payments to hackers could pose sanctions risks.
No more than two months after CNA’s breach in March, the US’ largest fuel pipeline was forced offline by a ransomware attack, causing major disruption and a sudden hike in fuel prices.
The hack is being seen by many as one of the most significant attacks ever to successfully target critical national infrastructure. The pipeline carries 2.5 million barrels a day, or roughly 45% of the East Coast’s supply of diesel, petrol and jet fuel.