Insurance provider CNA Financial has announced it was targeted in a cyber attack, later confirmed as involving the newly identified “Phoenix Cryptolocker” ransomware. Files on more than 15,000 devices were encrypted, including devices of employees working remotely. It is realistically possible that Phoenix Cryptolocker’s operators attacked CNA Financial as a steppingstone to attack its customers covered by cyber insurance policies, or to create a list of customers to potentially target. Organizations covered by cyber insurance are an attractive target for ransomware, because the attackers can tailor the ransom demand to the covered amount and increase the likelihood of receiving payment. Ransomware attacks will highly likely continue, and it is realistically possible that threat groups will continue to attempt supply-chain attacks to distribute ransomware.
Most Recent Flipbooks
The Federal Security Service of the Russian Federation (FSB) conducted a series of raids and arrests against at least 20 members of the "REvil" ransomware group.
Weekly Intelligence Summary 14th Jan
Researchers have discovered a critical vulnerability in the popular open-source Java SQL database H2
For 2022, cyber-security practitioners must be extraordinarily nimble and adept. Plus information on telegram dropping malware, North Korean group exploits Russia, and Log4j crisis spilling in to 2022
Weekly Intelligence Summary 17th Dec
Log4j bug exposes fragility of digital ecosystem worldwide. Plus information on Magecart home for the holidays, Emotet regaining power, and Muddywater APT group hunts for airline data via Slack.
Weekly Intelligence Summary 10th Dec
Microsoft has allegedly halted a long-term cyber-espionage operation of “NICKEL”, a threat group linked to the People’s Republic of China (PRC).
Weekly Intelligence Summary 27th August
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.