Was AXA Breached Because They Would no Longer Support Ransomware Payments?

One of the world’s biggest cyber insurance companies, AXA, suffered a ransomware attack at its offices in Asia this weekend at the hands of the noted ransomware gang Avaddon. The timing of the attack is interesting, as it comes a full week after the insurer disclosed that it would no longer be covering ransomware payments in France. AXA stopped covering the payments partly in response to pressure from French regulators, who have blamed the payment of ransom for the increase in ransomware attacks in France.

According to Bleeping Computer, not only has the Avaddon gang encrypted the data, but they also claim to have stolen 3TB of sensitive data from the AXA Asian offices. In addition, Avaddon plans to launch DDoS attacks to take down victims’ sites or networks until they reach out and begin negotiating to pay the ransom.

In a response to Bleeping Computer, AXA said: “Asia Assistance was recently the victim of a targeted ransomware attack which impacted its IT operations in Thailand, Malaysia, Hong Kong, and the Philippines. As a result, certain data processed by Inter Partners Assistance (IPA) in Thailand has been accessed. At present, there is no evidence that any further data was accessed beyond IPA in Thailand. A dedicated taskforce with external forensic experts is investigating the incident. Regulators and business partners have been informed. AXA takes data privacy very seriously and if IPA’s investigations confirm that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted.”

At this time, we don’t know what amount is being demanded by Avaddon, or if AXA has any plans to pay the ransom. The attack does show that ransomware continues to be a big problem worldwide. Chris Clements, vice president of solutions architecture at Cerberus Sentinel, told ZDNet the attack “was proof that almost all organizations are vulnerable in some way or on some level and that the scale and complexity of modern networks makes it nearly impossible to plug every potential hole.” Furthermore, Netenrich security advisor Sean Cordero told ZDNet that “for companies as large as AXA, it is often difficult to have sufficient visibility into the cybersecurity practices and controls across their business partners and subsidiaries.”

So, how should your business secure itself against ransomware, especially when it is difficult for larger organizations to do so? Continue to invest in people and technology to help stop attacks. The basics of cyber awareness training, regular application of security updates and patches to systems, comprehensive backup policies and enabling multi-factor authentication (MFA) will help thwart ransomware. If your network has already been compromised by ransomware, do a full investigation of your network after the attack to make sure you’ve cleaned up the malware before you restore your systems from the backups. You should also ensure the backups themselves have not been infected before restoring from them. Whether you need help protecting your systems from ransomware, or need help investigating a ransomware attack on your systems, you can trust Uzado to help.