CNA Financial Corp., one of the largest US insurance companies, paid hackers $40 million at the end of March to regain control of its internal network. The attackers demanded the ransom after using ransomware that encrypted data on infected computers.
According to available data, CNA paid the ransom two weeks after the attack, in which the attackers managed to paralyze the company's internal network. Bloomberg reported this, citing its own informed sources, who asked to remain anonymous because they are not authorized to discuss the matter publicly. The sources also said that CNA initially tried to restore the data on its own, but after a week of unsuccessful attempts entered into negotiations with the hackers.
CNA's official statement said that the company followed the law, held consultations, and passed all the necessary data to the FBI and the Office of Foreign Assets Control of the US Department of the Treasury. The company followed the current guidance on how to avoid violating sanctions when paying a ransom to hackers.
During the attack on CNA, the hackers used malware called Phoenix Locker. An internal investigation showed that the attackers who carried out this campaign are not subject to sanctions, so the company decided to pay the ransom. The fact that CNA paid the hackers will probably displease authorities and regulators. The FBI has in the past also advised against paying hackers, since payment does not guarantee that systems will be restored.