News
CNA Financial targeted in ransomware attack
BlogBreachesResourcesNews
CNA Financial targeted in ransomware attack

CNA Financial targeted in ransomware attack

Edward Kost
Edward Kost
July 12, 2021

CNA Financial customers are feeling the ripple effects of a ransomware attack that occurred earlier this year.

In March, CNA Financial was infiltrated by the Pheonix Locker Ransomware which is believed to be a new type of ransomware from Russian cybercriminals Evil Corp. Before deploying the ransomware, Evil Corp exfiltrated sensitive customer data.

CNA Financial sent a message to all 75,349 impacted customers to notify them of the breach.

“The investigation [of the ransomware attack] revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021, to Match 21,2021. During this time period, the threat actor copied a limited amount of information before deploying the ransomware.” CNA Financial said in its breach statement.

Investigation findings also revealed that the cybercriminals accessed customer names and social security numbers. But CNA Financial assures the personal information was completely recovered before the cyberattacks had a chance to abuse it.

“...CNA was able to quickly recover that information and there was no indication that the data was viewed, retained, or shared. Therefore, we have no reason to suspect your information has or will be misused.”

This new family of ransomware may be Evil Corp’ attempt to diversify its identity to evade U.S sanctions. Since 2019, the United States Office of Foreign Assets Control (OFAC) has been on the hunt for Evil Corp and all of its subsidiaries. To sever all sources of funding to the criminal group, the OFAC prohibits ransomware negotiation firms from facilitating ransom payments to Evil Corp.

The sanctions appear to be working because Evil Corp is getting desperate. Recently, the threat actors attempted to mask its ransomware activity behind the ransomware PayLoadBin

Prior to that, the group assumed the name Gracewire for its trojan after returning from a brief hiatus to protect its leader from capture.

In 2019, the United States Government issued a $5 million reward for any information that could lead to the capture of Evil Corp boss Maksim Viktorovich Yakubets.

Even after Maksim’s capture, the financial sector will remain a prime target amongst cyberattackers. To defend against present and future threats, financial institutions need to immediately bolster their sensitive resources

How secure is CNA Financial?

CNA Financial Corporation is a financial corporation based in Chicago, Illinois, United States
  • Check icon
    View our free preliminary report on CNA Financial’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View CNA Financial's score
View score
http://cna.com
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Supply Chain Ransomware Attack Impacts Semiconductor Manufacturer

Supply Chain Ransomware Attack Impacts Semiconductor Manufacturer

One of the world's largest manufacturers of semiconductors has attributed a $250 million loss in its second-quarter sales report to a supply chain attack.
Edward Kost
Edward Kost
February 27, 2023
Optus Data Breach Exposes Up to 9.8 Million Customers' Details

Optus Data Breach Exposes Up to 9.8 Million Customers' Details

Cybercriminals believed to be working for a criminal or state-sponsored operation breached Optus' internal network, compromising personal information impacting up to 9.8 million customers.
Edward Kost
Edward Kost
September 26, 2022
Medibank Data Breach Impacts 9.7 Million Customers

Medibank Data Breach Impacts 9.7 Million Customers

Medibank suffered a data breach that compromised 9.7 million current and former customers.
Edward Kost
Edward Kost
November 11, 2022
OpenWRT breached through admin account

OpenWRT breached through admin account

OpenWRT, an open source firmware solution for home routers, was breached exposing the email addresses of many of its forum users.
Edward Kost
Edward Kost
January 16, 2021
Australian Real Estate Website Hacked 

Australian Real Estate Website Hacked 

Domain, one of Australia’s leading property market platforms, has fallen victim to a cyber attack
Edward Kost
Edward Kost
May 24, 2021
NT Government forced offline by compromised third-party vendor

NT Government forced offline by compromised third-party vendor

The Northern Territory Government's third-party IT system supply has fallen victim to a ransomware attack.
Edward Kost
Edward Kost
January 11, 2021
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating
UpGuard logo
UpGuard is a complete third-party risk and attack surface management platform.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Contact sales
Free trial
Products
Tools
Company
Insights
Products
Compare
Solutions
Company
Insights
© UpGuard, Inc.
Research GuidelinesPlatform Terms & ConditionsWebsite Terms & ConditionsPrivacyCookies