CNA Insurance Ransomware Attack
Cyber attackAbout
The CNA Insurance ransomware attack occurred in March 2021, involving the Phoenix CryptoLocker malware. Attackers gained access to CNA's network through a fake browser update on March 5, 2021. They elevated privileges and conducted reconnaissance before deploying ransomware on March 21, encrypting over 15,000 systems. The attackers exfiltrated personal data of about 75,000 individuals, including names, Social Security numbers, and health benefits information. CNA reportedly paid a $40 million ransom to restore its systems. Despite this, there was no evidence that the stolen data was shared or misused. CNA implemented additional security measures post-attack and offered affected individuals 24 months of free credit monitoring. The incident highlights the evolving cyber threat landscape and the importance of robust security measures to prevent such attacks.
