After dropping support for ransom payments, AXA struck by ransomware in Asia
French multinational insurance firm AXA S.A. has been struck by a ransomware attack after the company announced May 9 that it would stop paying for ransomware crime payments.
Reuters reported the company said today that one of its Asia Assistance divisions had been targeted and that information technology services were affected in Thailand, Malaysia, Hong Kong and the Philippines. “As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed,” AXA noted.
According to Hackread, the Avaddon ransomware group was behind the attack and is claiming responsibility on its dark web site. The group claims to have stolen 3 terabytes of data, including a long list of information: ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, payments to customers, contract and reports, customer IDs and bank account scanned papers, hospital and doctor reserved material (private investigation for fraud) and customer medical reports including HIV, hepatitis, STD and other illness reports.
Avaddon provided copies of two passports as evidence, one Thai and the other from the U.K.
The ransom being demanded was not disclosed. The ransomware group said AXA has 240 hours to communicate and cooperate, otherwise it will leak valuable company documents.
The attack by Avaddon comes just under a week since both the U.S. Federal Bureau of Investigation and the Australian Cyber Security Centre issued warnings that an Avaddon campaign was targeting organizations worldwide. The FBI said that Avaddon ransomware affiliates are trying to breach the networks of manufacturing, healthcare and other private sector organizations, while the ACSC said that the targets included government, finance, law enforcement, energy, information technology and health.
“In addition to encryption of data, victims are threatened with the publication of stolen data, as well as Distributed Denial of Service against their network,” the ACSC added.
At this point, users have their wallpaper changed to an image that states that “all your files have been encrypted” and told to read a ransomware note. The note provide instructions on how the affected users can recover their encrypted files.
Photo: Kokky92/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.