On January 23, 2019, CNA Financial Corporation made one of the largest ransom payments in history. In order to regain access to their data that had been encrypted by the “Phoenix” ransomware gang, they paid a (rumored) whopping $16 million (with rumors as high as $40 million.) This has sparked a lot of debate regarding whether or not this was the right thing to do, and there are pros and cons on both sides of the argument. In this article, we will take a closer look at what happened and try to determine what the impact of this payment will be.
What is ransomware?
Ransomeware is a type of malicious software that encrypts a victim’s data and demands a ransom be paid in order to decrypt it. In most cases, the attackers will give the victims a deadline to pay the ransom and threaten to delete or release the data if they do not comply. Oftentimes, these deadlines are unrealistic and even if the victim does pay the ransom, there is no guarantee that they will get their data back.
How did CNA fall victim?
CNA Financial Corporation is one of the largest insurance companies in the United States. They provide commercial and professional liability insurance, surety bonds, and workers’ compensation policies to over 15 million businesses and organizations. In January 2019, they fell victim to a ransomware attack and the data on their computers was encrypted.
How much did they pay?
The amount CNA paid has not been officially confirmed, but it is rumored to be around $16 million. This would make it the largest ransom payment in history.
Why did they pay?
CNA Financial Corporation claims that they paid the ransom because it was in the best interest of their policyholders. They claim that they followed all laws and regulations regarding these types of attacks. Many people are questioning whether or not this was the right thing to do, but only time will tell if it was a wise decision.
What does this mean for businesses?
This story is a reminder that ransomware attacks are becoming increasingly common and businesses need to be prepared. If your business falls victim to a ransomware attack, you should not pay the ransom. There is no guarantee that you will get your data back even if you do pay and it could put you in further danger of being hacked.
Instead, be prepared before an incident takes place.
How businesses can be prepared to combat ransomware
First, make sure your business has a Business Continuity and Disaster Recovery plan. This plan should outline what to do in the event of a ransomware attack.
Second, make sure your data is backed up and stored via air-gapped backups. This way, if your data is encrypted, you will still have access to backups that are stored in a completely separate location.
Third, educate your employees about ransomware and how to spot an attack. Make sure they know not to open attachments or suspicious emails. Use monthly security awareness training to keep your employees up to date on the latest threats.
Fourth, use a robust security solution that can detect and block ransomware attacks before they cause damage.
Ransomware is on the rise and businesses need to be prepared. If you follow these tips, you will be better protected against this type of attack.
Need help making sure you’re protected? We’re here to assist. Simply enter your name and email address below and we’ll be in touch!