CNA ransomware reportedly lands a $40 million payout

Ransomware is nothing new and it targets individuals and big companies alike. Unlike with smaller infections, however, we often don't hear how those end, especially with large companies that get billed millions in dollars to free their files. Just like with any kind of ransom, authorities discourage paying those to discourage further behavior. It turns out that one of the US' largest insurance companies may have not heeded that warning and may have paid a hefty sum to get out of a ransomware situation.

It was just last March when Chicago-based CNA, which also offers cyber insurance, ironically, got hit by a ransomware attack. Investigations lead to the malware known as Phoenix Locker and hacking group Phoenix. Phoenix Locker is believed to be a variant of the Hades ransomware created by Russian cybercrime syndicate Evil Corp. that was sanctioned by the US in 2019. Hacking group Phoenix isn't under US sanctions, at least not yet.

It was reported that the group demanded $60 million from CNA to free the files it encrypted. On May 12, the company explained that customer data, particularly those regarding records and claims, were not affected by the attack. Sources familiar with the matter claimed that CNA officials were locked out of their network instead.

That said, Bloomberg's sources revealed that CNA paid a ransom just a week after ignoring those demands. Although it didn't pay what the hackers demanded, it did put out $40 million to pay for those precious files. Naturally, CNA wouldn't comment on paying that ransom and insists it followed all laws and guidance on handling the matter.

If, however, it is proven that it did pay that sum, it would be the highest ransomware payout so far, at least the ones we've heard about. It's likely that some companies may have indeed paid those demands against the advice of authorities. They might just be better at keeping it under wraps than CNA.