[BreachExchange] CNA website back up two weeks after insurance giant hit with ‘sophisticated ransomware attack’

[Destry Winant]

https://www.chicagotribune.com/business/ct-biz-cna-insurance-ransomware-attack-investigation-20210402-bhcwdbgzwfa4jhklg533n2ifua-story.html

The CNA website was back up Monday and the Chicago-based insurance giant
said it was making “great progress” toward restoring its operations, two
weeks after experiencing a sophisticated ransomware attack.

CNA said the restoration of its website represents a “major step forward”
as it works to recover from a cyberattack that reduced the site to a static
display, shut down its email and forced it to disconnect its network
systems to assess the extent of damage.

While law enforcement and forensic experts hired by CNA conduct
investigations, the company said in an online statement Thursday the attack
had been “successfully contained” and it was safe to communicate with CNA
through its reestablished corporate email system.

CNA sustained the cyberattack March 21, which it disclosed Thursday
included ransomware, a form of malware that corrupts computer systems
through encrypted files, with attackers demanding payment for a software
fix. The company did not disclose information about the attacker, but said
the ransomware used “does not contain the ability to automatically spread
to any internal or external systems.”

Ransomware is a growing threat to both public and private networks, causing
data loss, privacy issues and costing billions of dollars a year, according
to the federal Cybersecurity and Infrastructure Security Agency.

CNA disconnected its systems from its network in the wake of the
cyberattack “to contain the threat,” the company said. That initially shut
down everything from its corporate email to the functionality of its
website.

“We are well into the restoration phase and making significant progress
across our internal systems to return our environment to a fully
operational state,” CNA said in its statement Thursday.

While the company said it had contained the threat, it was unclear if the
cyberattack caused any damage to CNA’s business partners and customers.

“Once our investigation is complete, we will notify any impacted parties as
appropriate,” the company said.

CNA Financial, which has 5,800 employees worldwide, is one of the largest
commercial property and casualty insurance companies in the U.S.,
generating $10.8 billion in revenue last year, according to financial
reports.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210406/b39641f4/attachment.html>