Cyber insurance giant CNA hit by ransomware attack

Graham Cluley
@gcluley

Insurance firm CNA Hardy says that it has suffered a “sophisticated cybersecurity attack” that has impacted its operations, including its email system.

According to a statement posted on the firm’s website, CNA determined it had fallen foul of hackers on March 21:

“Out of an abundance of caution, we have disconnected our systems from our network, which continue to function. We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.”

“The security of our data and that of our insureds ’and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.”

CNA doesn’t go into details regarding the nature of the attack, but according to a report on Bleeping Computer, the insurer was hit by a new type of ransomware known as Phoenix CryptoLocker, possibly linked to Evil Corp.

Sign up to our newsletter
Security news, advice, and tips.

The ransomware reportedly encrypted data on over 15,000 devices on CNA’s corporate network, as well as the computers of remote-working employees who were logged into the firm’s VPN when the attack occurred.

Of course, one of the types of insurance that CNA sells is err… cyber insurance:

“We understand that no matter what industry your clients operate within, cybercrime poses one of their greatest risks. In fact, cybercrime is the world’s fastest growing criminal activity, estimated to cost businesses more than €340bn a year. Whilst money is the primary motivator for cyber criminals, other factors such as ideology, sympathy, anger and espionage are also significant drivers of cybercrime.”

“Through our NetProtect® product line we provide first – and third party cyber coverage to address a broad range of exposures including security breaches, mistakes and unauthorised employee acts, virus attacks, hacking, identity theft or private information loss, and infringing or disparaging content.”

Just last week I described how ransomware gangs were claiming they were specifically targeting businesses who had taken out cyber insurance as they felt they were more likely to successfully extort a ransom.

Furthermore, it was claimed that malicious hackers were targeting insurance firms in order to determine who had taken out cyber insurance, and after working through an insurer’s customers would then try to hold the insurer to ransom too.

In other words, some of CNA Hardy’s clients may already have been hit by the same hackers who are now threatening CNA Hardy itself.

If you’re a client of CNA Hardy it probably wouldn’t do any harm to take a more careful look than normal into whether your systems have been compromised.

No one should smirk too quickly at CNA Hardy’s misfortune – every day more organisations are being hit by ransomware. There is no industry that is magically immune from the scourge.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.