CNA Financial Paid $40 Million in Ransom to Group It Calls Phoenix
Conti gang offers free decryptor to besieged Irish health orgs, Apple says Mac malware affects hundreds of thousands of users per week, More than 100M Android users' personal data exposed, more
According to people with knowledge of the transaction, one of the nation’s leading insurance companies, CNA Financial Corp., paid $40 million in ransom in late March, two weeks after ransomware actors stole a trove of company data.
The company would not comment on the ransom payment but said it followed all laws in making it. The hackers who hit CNA used malware called Phoenix Locker, a variant of ransomware dubbed ‘Hades.’ Hades was created by a Russian cybercrime syndicate known as Evil Corp., which the U.S. sanctioned in 2019. CNA said the hackers were a group called Phoenix, which is not subject to U.S. sanctions. (Kartikay Mehrotra and William Turton / Bloomberg)
Related: The Verge, Graham Cluley, Engadget, Slashdot, Daily Mail, The Hill: Cybersecurity