"Insurance Giant Reportedly Paid $40 Million Ransom"

In late March, CNA Financial was hit by a variant of the Evil Corp-authored Hades ransomware called Phoenix Locker.  They agreed to the ransom demand and paid the adversaries $40 million after its IT systems were locked down and threat actors stole data.  CNA Financial noted in a security update that it did not believe that the record systems, claims systems, or underwriting systems, where most policyholder data is stored, were impacted by the attack.    CNA Finacial is one of America's largest insurers. The FBI urges victims not to pay the ransom as it encourages more copycat attacks and does not guarantee that the organization's stolen files will not be monetized in the future or that it will even receive a working decryption key.  Insurance companies like CNA Financial have been at the center of fierce debate recently over whether the industry should be assisting customers financially who have been struck by ransomware.

Infosecurity reports: "Insurance Giant Reportedly Paid $40 Million Ransom"