French insurer Axa confirmed over the weekend that one of its Asian subsidiaries has been the subject of a ransomware attack.
The revelation is the latest in a series of high-profile ransomware attacks to have made the headlines in little over a week, following attacks on Colonial Pipeline, the Irish health service and a subsidiary of Toshiba.
The attack further underlines the seriousness of the cyber risk faced by business, with ransomware demands now a depressingly frequent occurrence for vulnerable corporates.
Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups. Users are left locked out of their systems, with the demand that a ransom be paid to restore computer functions.
The targeting of Axa is especially ironic given that it is one of the major players in the emerging cyber insurance market. Only a few days before news of the attack became public, Axa had announced that it would stop writing cyber insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.
Axa said it was investigating after some data processed in Thailand was accessed.
The group said the cyber-attack had targeted its Asia Assistance division, part of Axa Partners, impacting IT operations in Thailand, Malaysia, Hong Kong and the Philippines.
“As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed,” the Paris-based company said, adding it would notify corporate clients and individuals if it found they had been affected.
The Financial Times had initially reported the attack, adding that it came after cyber criminals using ransomware called Avaddon said on Saturday (15 May) that they had hacked the group’s Asia operations and stolen three terabytes of data, in a dark web post seen by the newspaper.
According to the Financial Times data taken included customers’ personally identifiable information, medical records and claims, as well as data from hospitals and doctors. It also included screenshots of IDs and passport pages, bank documents, hospital bills, and medical records of patients’ personal health conditions that the hackers appeared to be sharing as proof that they had compromised the company.
The Axa attack follows the news on Friday (14 May) that unit of Toshiba Corporation had become the latest high profile target of a ransomware attack by DarkSide, the group the FBI has blamed for the Colonial Pipeline attack.
Toshiba Tec Corporation, which makes point-of-sale systems and copiers, said only a minimal amount of work data had been lost.
Earlier in the week Colonial Pipeline also the subject of a concerted ransomware attack.
The FBI has attributed the Colonial cyber-attack to DarkSide, a group believed to be based in Russia or Eastern Europe. Its ransomware targets computers that do not use keyboards in the languages of former Soviet republics, cyber experts said.
The pipeline shutdown has reduce fuel availability in the near term, pushing up prices and forcing refiners to cut production because they had no way to ship the gas. The pipeline operations have since been restored.
The incident is being regarded as one of the most disruptive digital ransom operations ever reported and has prompted calls from American lawmakers to tighten protections for critical US energy infrastructure against hackers.
Also on Friday, Ireland’s health service operator shut down all its IT systems on Friday to protect them from a “significant” ransomware attack, crippling diagnostic services, disrupting COVID-19 testing and forcing hospitals to cancel many appointments.
An international cyber-crime gang was behind the attack, Ireland’s minister responsible for e-government Ossian Smyth said, describing it as possibly the most significant cyber-crime attempt against the Irish state.
Ireland’s COVID-19 vaccination programme was not directly affected, but the attack was affecting IT systems serving all other local and national health provision, the head of the Health Service Executive (HSE) said.