In a perfect example of irony, cybersecurity insurance company AXA decides to stop covering ransomware payments and is hit with a ransomware attack a week later.
According to Graham Cluley, just one week after AXA, a huge cybersecurity insurance firm decided that they would “no longer be writing policies to cover ransomware payment,” offices in Thailand, Malaysia, Hong Kong, and the Philippines were hit hard with a ransomware attack.
Hot For Security reported that “AXA’s decision, which appears to be a first for the cyber insurance industry, will still reimburse companies for the cost of responding and recovering from a ransomware attack – but will not cover the often significant sums of cryptocurrency demanded by criminal gangs after they have compromised a network and encrypted or stolen data.”
They will continue to pay according to policies already in place. The change affects only new policies. Additionally, this change only affects ransomware payments in France, not other parts of the country. France is second to the U.S. in losses due to ransomware. Last year they paid out $5.5 billion to hacker gangs.
First reported by the Financial Times, “the Avaddon ransomware gang posted on its website over the weekend that it had stolen three terabytes worth of data, including:
- Customer’s personally identifiable information (PII), including passport and I.D. documents. These can easily be used for identity theft and fraud.
- Customers’ medical records, hospital bills, and also claims.”
How Did AXA Respond?
The Financial Times noted that AXA said that the data came from a single location, Inter Partners Asia based out of Thailand. Their investigation showed that the hackers accessed no other information.
AXA Philippines posted a message to customers on its Facebook page saying that their MyAXA web portal was down due to technical issues. Anyone needing to speak with a representative should call the company’s hotline. The message reads:
The MyAXA web portal is currently inaccessible. We apologize for the inconvenience.
Please be assured that we are working on the issue. In the meantime, please reach out to your AXA financial partner for any inquiries or concerns. Thank you.”
Unfortunately, there is no word yet how large a ransom the cybercriminals demanded or whether or not the cyber insurance giant will pay up. It is a common theme for gangs to target companies that carry cybersecurity insurance because hackers believe the payout will be larger and faster.