Everyone needs or is required to have insurance. This may
take the form of auto, health, dental, short- or long-term disability care, or any
of the other types of insurance. It seems as though if there is a need, you can
find insurance for it. One of the largest commercial insurance carriers in the US is CAN. While being one of the largest insurance carriers in the nation
certainly is a success to be applauded, this also has the tendency to put a
target on you. After all, when a company is this huge, there is a literal mountain
of data to target, and the company certainly has deep pockets to pay a ransom,
if they so choose.
Recently CNA had the pleasure of working through an incident
much like this. Ironically, CNA sells cyber insurance. In this case, the
attackers were able to compromise CNA’s system. Post-breach, they were able to
encrypt over 15K of the company’s devices using Phoenix Crypto Locker, a
variant of Hades. This variant is engineered to encrypt the files on the
compromised machines and demand a ransom for the decrypt key. The group, Evil
Corp, was paid the ransom by CNA.
For everyone and organizations that believe “This can’t
happen to me!”, yes it can. If CNA who has a vast number of resources and even
sells the insurance for this type of incident can be successfully attacked, you
certainly can also.
No comments:
Post a Comment