CNA Financial Ransomware Attack

Though the risk is unclear, data accessed could be used against clients as CNA reports of network issues and compromised systems such as Email.

In a statement released through one of its official channels, CNA Financial admit to having fallen victim to a recent cyber-attack that disabled systems and compromised policyholders’ information.

Commenting on the issue, one top cybersecurity analyst argued that “cybercriminals are continuously employing new strategies such as targeting bigger insurance entities. This way, they CNA further spread the risk to the insured businesses once they have acquired sensitive information about policy contracts.”

CNA Financial specializes in providing companies with cyber insurance services against cyber-attacks like the one it sustained. Known as among the highly ranked cyber insurance companies in the U.S., Employing almost 6,000 experts and earning more than $10 billion annually makes CNA Financial a top-ranked insurer in the U.S.

“CNA Financial has a broad client base in the U.S. and among the most trusted cybersecurity insurer for many years.”

According to the statement, the attack disrupted their network and ‘significantly’ impacted other systems such as corporate Email, leading to the shutting down of subsidiary services as a safety measure to limit the attack’s other adverse impacts.

“Our employee systems and corporate email were impacted for three days; hence further measures were taken to shut other systems down to curb the spread of the attack.”

The March 21, 2021 attack compelled CNA Financial to source third-party forensic experts and law enforcement agencies to investigate the issue and alleviate further threats.

The cybersecurity insurer is further worried about what might happen to their client’s exposed data. This CNA be a sure recipe for future attacks against the company and its clients, hence informing affected policyholders.

Among the significant counter-measures adopted by CNA Financial was employee workarounds to facilitate continued assistance to clients as more information about the attack is being gathered.

According to Joshua Motta, Coalition CEO, “this attack could threaten us more if policyholders’ data has been accessed.” The criminals could identify the insured companies and the accompanying deductibles and scope of coverage.

This is because such information in criminals’ hands enables them to prepare even unfriendly ransom demands after exploiting vulnerabilities in policyholders’ systems. This gives them an upper hand as far as phishing is concerned.

Such a threat compelled CNA Financial to notify policyholders that those affected will be communicated to make negotiations even smoother if ransomware operators attack their systems.

However, CNA Financial’s claims were downplayed by the Founder and CEO of Immuniweb, Ilia Kolochenko.

He argued that hackers do not have the time to evaluate what companies are covered and the individual scope of coverage; hence no need for alarms until the range of the attack is determined.

On the contrary, Saryu Nayyar, CEO Gurucul, believed that it could be a new tactic to spread attacks to a more extensive base by compromising the central security source for many businesses.

 He said, “there’s a need for businesses not only to have an insurance policy but also to have threat analytics and the best defense products.”

“Such products are not 100% effective but help in curbing thousands of attacks and viruses launched every day by cybercriminals.”

Therefore, this calls for organizations to adopt and embrace cyber safety practices from top management to operations level. This helps maintain an infrastructure that CNA detect and contain any attack before it spreads further.

Luckily, by April 1, CNA Financial had restored its email functionality with an additional security layer of two-step authentication plus a feature that could detect and block threats.