One of the largest insurance companies in the United States, CNA Financial, reportedly paid a ransom of $40 million in March to get access to its online network again after a cyberattack.
The company paid the hackers approximately two weeks after key parts of the company data were stolen in March and employees were locked out of their online network, Bloomberg reported.
The attack occurred a few weeks before another major cyberattack, on the Colonial Pipeline, which significantly slowed gas delivery in southeastern states in early May.
CNA claims it followed the law with its ransomware payment and that the company notified and consulted with the FBI and the Treasury Department’s Office of Foreign Assets Control regarding the hacker’s identity and potential payment. The Treasury Department said last year that providing ransom payments to criminal hacking groups could create the risk of sanctions being imposed.
The FBI also says in its cyber guidance that it discourages companies from paying ransom to hackers because there is no guarantee of getting one’s data back and because paying encourages perpetrators to target more victims and incentivizes more hackers to get involved in such illegal activities.
“CNA is not commenting on the ransom,” CNA spokeswoman Cara McCall told Bloomberg. “CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.”
Colonial Pipeline also said earlier this week that it was justified in paying its ransom of $4.4 million to its hackers because it wasn’t sure how much the cyberattack had affected the company or its ability to provide gas to customers again.
CNA, a Chicago-based company, said in a security update published in May that no critical information regarding customer data and claims systems was affected by the hack.

