Skip to main content

AXA suffers major ransomware attack

ID theft
(Image credit: Future)

French multinational insurance firm AXA has been struck by a ransomware attack days after the company announced a change in its policy to stop reimbursing ransom payments for cybercrime victims in its homeland.

The Financial Times pins the attack on the Avaddon ransomware group, which claims to have stolen three terabytes of sensitive customer data, including screenshots of IDs, bank details, and confidential medical records.

AXA has acknowledged the attack, which it says was directed at its Asia Assistance division, as well as affecting IT operations in Thailand, Malaysia, Hong Kong and the Philippines.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

The company told BleepingComputer that it had informed regulators and business partners of the attack and in response has also set up a dedicated task force with external forensic experts to investigate the incident.

Paying ransom debate

The attack on AXA follows a similar ransomware campaign against Colonial Pipelines, which operates one of the largest fuel pipelines in the US. 

Even as Colonial paid the ransom to regain control of its network, it reignited the debate over giving in to the demands of cyber criminals. The US administration and security agencies advise against paying extortion fees, but there is currently no law that prevents victims paying the ransom.

Cyber insurance policies cover the cost of the ransom along with other associated costs incurred due to the downtime. A section of cybersecurity experts feel that this protection makes companies give in to the demands of the attacks, which further emboldens them to launch similar attacks against other similarly protected targets.

In a major announcement last week, AXA said that it would suspend the writing of cyber insurance policies for its French customers that refund the cost of ransom payments. 

While the attack on AXA’s Asian division is seen as a direct result of its newly announced policy, Financial Times leverages on an anonymous individual who it claims is familiar with the matter as saying that the ransomware attack predates the policy change.

AXA hasn’t disclosed the date of the attack, nor the amount of the ransom demanded.

Via BleepingComputer