General Insurance Article - AXA hit by ransomware attack

Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack.

 The Avaddon ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA's Asian operations. Additionally, BleepingComputer observed an ongoing Distributed Denial of Service (DDoS) against AXA's global websites making them inaccessible for some time.

 The compromised data obtained by Avaddon, according to the group, includes customer medical reports (exposing their sexual health diagnosis), copies of ID cards, bank account statements, claim forms, payment records, contracts, and more. The announcement from the group comes roughly a week after AXA stated that they would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France. More information

 Lior Div, CEO and Co-founder, Cybereason has offered the following comment: "Unfortunately, AXA is in the long line of companies suffering from a ransomware attack. While it will take some time to learn the specifics of this newest attack, it is important to remind everyone ransomware attacks can be disrupted and stopped before they have a material impact on an organization by using endpoint detection and remediation software.

 In fact, the Biden Administration issued an Executive Order (EO) last week on combating ransomware and broader cybersecurity threats to critical infrastructure across federal and local agencies. Endpoint detection and remediation software was prescribed as a solution in the EO. Just a few years ago, many organizations implemented off-site data backup and recovery solutions with the notion that, in the case of a ransomware attack, they could confidently rebuff the attackers’ ransom demand and focus their mitigation efforts on restoring their systems from the backups. This was a pretty solid strategy until ransomware purveyors evolved their methods to include alternative means to pressure organizations into paying up - hence the emergence of the Double Extortion tactic.

 Cybereason strongly recommends against paying ransom demands as our recent research shows that more than half the companies that pay a ransom are hit a second time. However, each ransomware attack is unique to the impacted organization. The attack group, jeopardized data set, and potentially impacted third-party is somewhat unique to every situation. Organizations often deliberate long and hard before deciding to meet the ransom demands. A company’s lawyers and insurer will be involved in the decision to pay the ransom. Companies make decisions based on what they think is in the best interest of the company, its customers and shareholders."

Back to Index

Similar News to this Story

Smaller insurers to benefit from new Solvency UK thresholds
PRA update increases gross written premium income threshold, by a further £10 million compared with original proposals, to £25 million. Insurers opera
Firms facing unprecedented polycrisis of risk
67% of leaders surveyed say that the risk landscape is now ‘many times more complex’ than it was just three years ago at the height of the covid crisi
Cascading effect of natural disasters and key emerging risks
The 2024 edition of Swiss Re's SONAR report features 16 emerging risks and their potential impacts on the insurance sector and society. Key risks

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS


Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.