CNA’s $40 Million Ransom

CNA, one of America’s largest insurance companies, has made a big push to sell cyber insurance—a product that, ironically, is designed to protect businesses from exactly the kind of scenario that CNA itself recently wound up in. In March, a ransomware group calling itself “Phoenix” attacked the company, successfully grabbing large amounts of its data. CNA should definitely get, like, an award or something for its subsequent philanthropic contribution to the digital underworld: the company allegedly paid its data-captors a whopping $40 million—a figure that certainly sets the record for publicly known payments in these scenarios.
At the time, security professionals commented on how dangerous it was that a hacker group may have gained control of cyber insurance policyholder information, as it could allow for more targeted attacks calibrated exactly to victims’ financial information. On the other hand, “Phoenix” operators may have been so rich after their big CNA payout that they just decided to call it a day, forgo all future attacks, and retire to some undisclosed hacker paradise.