Weekly Intelligence Summary 02 April

April 2, 2021

Insurance provider CNA Financial has announced it was targeted in a cyber attack, later confirmed as involving the newly identified “Phoenix Cryptolocker” ransomware. Files on more than 15,000 devices were encrypted, including devices of employees working remotely. It is realistically possible that Phoenix Cryptolocker’s operators attacked CNA Financial as a steppingstone to attack its customers covered by cyber insurance policies, or to create a list of customers to potentially target. Organizations covered by cyber insurance are an attractive target for ransomware, because the attackers can tailor the ransom demand to the covered amount and increase the likelihood of receiving payment. Ransomware attacks will highly likely continue, and it is realistically possible that threat groups will continue to attempt supply-chain attacks to distribute ransomware.

Previous Report
Weekly Intelligence Summary 09 April
Weekly Intelligence Summary 09 April

A user of the cybercriminal forum RaidForums has offered 533 million records of Facebook user data for only...

Next Report
Cyber Threat Intelligence Solutions Guide
Cyber Threat Intelligence Solutions Guide

This guide outlines best practices for cyber threat intelligence and features resources to leverage when de...

Want To Try Our Digital Risk Protection Tool?

Get Started Free