AXA, a French Multinational Insurance Company was reportedly hit by Avaddon Ransomware Gang last week halting IT operations in its offices located in the Philippines, Hong Kong, Malaysia, and Thailand.
Highly placed sources state that the hackers accessed certain information related to its partner companies from Asia and so a forensic team has been pressed into service to investigate the incident.
Hackers from Avaddon have claimed on a web resource from the dark web that they have possessed 3 TB of data from AXA Group and the information includes ID Card details, denied reimbursement details, contacts, customer claims, payments to customers, bank account information, passports and medical records of customers seeking medical insurance reimbursement.
Cybersecurity Insiders has learned that the gang initially demanded a ransom of $3m and since the IT staff of AXA’s Asian division failed to pay it, they decided to post that stolen info on the dark web for sale.
Note 1- Russia is suspected to be funding the Avaddon ransomware group that has so far targeted companies from North America and France. However, recently that gang seems to have diverted its focus towards Asia and is seen involving in double extortion incidents where data is stolen before an encrypting software is deployed on a network and is kept so until a ransom is paid. And if the victim doesn’t pay the ransom, then the stolen data is sold on the dark web.
Note 2- In April 2021, Axa announced that it is going to stop all ransomware-related reimbursements made to companies operating in France on an immediate note.
Note 3- AXA Insurance company seems to have taken the ransomware attack on its Asian subsidiaries seriously as it has asked its IT departments to scrutinize the entire computer network in all its branches and subsidiaries and has asked them to take necessary Cybersecurity measures to avoid such incidents in future.