Insurance group Axa said one of its Asian business units fell victim to a “targeted ransomware attack,” after a group of cybercriminals claimed to have seized tons of sensitive company data.
Axa Partners, an international arm of the Paris-based insurer, said on Sunday that parts of its operations in Asia were “recently victims of a targeted ransomware attack that impacted its operations in Thailand, Malaysia. , Hong Kong and the Philippines ”.
In an apparent first for the industry, Axa said last week it would suspend the writing of cyber insurance policies that reimburse the cost of ransom payments made to cyber cartels. This decision, limited to the group’s French customers, comes as some officials criticized insurers for encouraging companies to pay by offering such reimbursements.
A person familiar with the matter said the ransomware attack took place before Axa’s decision to change its approach.
Confirmation of Axa’s attack came after cybercriminals using ransomware called Avaddon on Saturday said they had hacked the group’s operations in Asia and stole three terabytes of data, in a dark web article seen by the Financial Times.
The post said the data was collected from its units in Thailand, the Philippines, Hong Kong and Malaysia, and included personally identifiable customer information, medical records and complaints, as well as hospital data. and doctors.
It also included screenshots of ID cards and passport pages, bank documents, hospital bills, and medical records of the patients’ personal health status that the hackers appeared to be sharing as evidence that they had compromised society.
The operations involved are the responsibility of Asia Assistance, which provides emergency support services, including health, to other parts of the group. Axa Partners said data processed at a Thai unit, Inter Partners Asia, had been compromised, adding “there is no evidence that other data was accessed.”
“A dedicated task force with external forensic experts is investigating the incident,” the company added, saying regulators and business partners have been notified.
Axa said if this is the case that “any individual’s sensitive data has been affected, necessary steps will be taken to notify and support all corporate clients and individuals affected.”
AXA Philippines said on its Facebook page that it was experiencing “technical issues” with its Emma by AXA PH app, MyAXA web portal and corporate website.
The news of the hack comes a week after a high-level ransomware hack from a American pipeline caused fuel shortages on the East Coast. Ransomware attacks typically take control of victims’ data or computer systems, only to free them if they pay a fee.
As many cybercriminal cartels, Avaddon maintains the ransomware, and also leases it to others through an affiliate program, thereby reducing the proceeds of attacks. According to cybersecurity experts In Malwarebytes, the FBI issued a warning last week that an anonymous group was using Avaddon to escalate attacks on U.S. and foreign private sector companies, manufacturing groups and health agencies.
The hack of the colonial pipeline has reignited the debate over whether there should be a blanket ban on victims paying ransom. The White House and the FBI advise against paying extortion fees, arguing it only incites more blackmail activity and funds criminal activity.
However, some cybersecurity experts say organizations have no choice and that a ban could push gangs towards more vulnerable targets, like hospitals.
A typical cyber insurance policy would cover the ransom itself, post-attack services, and data recovery or business interruption costs.
The latter is one of the “big drivers” driving up the prices of cyber insurance, according to Sarah Stephens, cyber manager for the international division of insurance broker Marsh. The ease of launching attacks has caused an “epidemic” of ransomware incidents, she said.
Cyber insurance prices have climbed in recent months as insurers pass on higher claims, Aon, another broker, saying in March that major insurers expect rate hikes of 20-50% throughout 2021. .
With additional reporting from Stefania Palma in Singapore and Primrose Riordan in Hong Kong and David Keohane in Paris