A US insurance company may have paid one of the most expensive malware ransoms to date. According to Bloomberg, CNA Financial shelled out $40 million in late March to regain control of its network following a two-week lockout. To put that payout in perspective, the CEO of Colonial Pipeline told The Wall Street Journal this week that his company paid $4.4 million to hackers, in a ransomware attack that led to fuel shortages across the US.
“CNA is not commenting on the ransom,” a spokesperson for the company told Bloomberg. “CNA followed all laws, regulations and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.”
The company fell victim to Phoenix Locker, an offshoot of the Hades ransomware created by infamous Russian cybercrime operation Evil Corp. Some security researchers believe Evil Corp is also behind WastedLocker, the malware linked to last year’s Garmin ransomware attack. In 2019, the US Treasury Department sanctioned the group for its activities. It’s unclear if Phoenix, the group behind the CNA attack, is affiliated with Evil Corp.