American insurance giant CNA reportedly pays $40m to ransomware crooks
In brief CNA Finaincial, the US insurance conglomerate, has apparently paid $40m to ransomware operators to gets its files back.
In March the business revealed it had been hit by an extensive Phoenix Locker infection; this strain of malware was developed by Russian scam artists calling themselves Evil Corp, which may have links to Russian intelligence.
All CNA systems are now back up and running though it appears that the company didn't manage this themselves and instead coughed up a widely reported $40m to the extortionists for the means to decrypt the scrambled files.
"CNA is not commenting on the ransom, but the company did consult and share intelligence with the FBI and OFAC [US Treasury's Office of Foreign Assets Control] regarding the cyber incident and the threat actor’s identity," a spokesperson told The Register.
"CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter. Due diligence efforts concluded that the threat actor responsible for the attack is a group called Phoenix. Phoenix is not on any prohibited party list and is not a sanctioned entity."
