CNA Financial Fell Victim to a ‘Sophisticated’ Ransomware Cybersecurity Attack
Stealing Policyholders’ Data Would Help Ransomware Attackers to Better Target Firm’s Customers.
CNA Financial is one of the largest American insurance companies, providing a broad range of standard and specialized property and casualty insurance products and services for businesses and professionals in the U.S., Canada, Europe, and Asia.
In a statement posted on its website, CNA Financial Corporation informed the public that on March 21, 2021, it had allegedly been affected by a “sophisticated cybersecurity attack,” as the insurance giant described it.
The ransomware cyberattack interrupted the company’s employee and customer services for three days as the firm closed down “out of an abundance of caution” to prevent further damage. Certain CNA systems were impacted, including corporate email.
While the organization coordinates its own investigation, CNA officials said the company has also notified law enforcement. In addition, CNA said a team of third-party forensic specialists was engaged to investigate and establish the extent of the attack.
It is still unclear whether any client information was stolen, but if customer data was compromised, policyholders will be notified directly, CNA said.
Further, the firm initiated mitigation efforts to reduce the disruption caused by the cyberattack.
“We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.”
Theft of policyholders’ data would be the worst outcome in this situation. Coalition CEO Joshua Motta noted that gaining access to that data could help attackers determine which firms had applied for or acquired cyber insurance, the scope of coverage, and the limits of deductibles.
Ransomware operators can use that information during negotiations after compromising a victim, setting ransom demands that match the policyholder’s cyber insurance coverage.
If hackers steal any data, they can use it to target policyholders for their ability to pay, given the cyber insurance backing. With access to that data, they would also be able to craft persuasive phishing messages.
On April 1, CNA said it had restored mail functionality protected by two-factor authentication and a threat-blocking “security platform.” According to CNA, the ransomware used during the cyberattack could not automatically spread via internal and external systems.
“We have made significant progress toward restoring our operations in a safe and secure manner,” the company said in a statement posted to its webpage.
The attack on CNA could have a massive impact on other firms, mostly those that have cyber insurance policies through the company. Ransomware gangs usually prefer to attack companies with cyber insurance policies because they are more profitable targets: such companies are more likely to pay the ransom.
As noted above, it is currently unknown whether the threat actors stole unencrypted files before encrypting CNA’s devices. Stealing unencrypted data before encryption has become a common tactic among ransomware operators, so some data was probably stolen during the cyberattack.