22.7 C
New York
Thursday, October 21, 2021

After dropping support for ransom payments, AXA struck by ransomware in Asia

Must read

French multinational insurance firm AXA S.A. has been struck by a ransomware attack after the company announced May 9 that it would stop paying for ransomware crime payments.

Reuters reported the company said today that one of its Asia Assistance divisions had been targeted and that information technology services were affected in Thailand, Malaysia, Hong Kong and the Philippines. “As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed,” AXA noted.

According to Hackread, the Avaddon ransomware group was behind the attack and is claiming responsibility on its dark web site. The group claims to have stolen 3 terabytes of data, including a long list of information: ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, payments to customers, contract and reports, customer IDs and bank account scanned papers, hospital and doctor reserved material (private investigation for fraud) and customer medical reports including HIV, hepatitis, STD and other illness reports.

Avaddon provided copies of two passports as evidence, one Thai and the other from the U.K.

The ransom being demanded was not disclosed. The ransomware group said AXA has 240 hours to communicate and cooperate, otherwise it will leak valuable company documents.

The attack by Avaddon comes just under a week since both the U.S. Federal Bureau of Investigation and the Australian Cyber Security Centre issued warnings that an Avaddon campaign was targeting organizations worldwide. The FBI said that Avaddon ransomware affiliates are trying to breach the networks of manufacturing, healthcare and other private sector organizations, while the ACSC said that the targets included government, finance, law enforcement, energy, information technology and health.

“In addition to encryption of data, victims are threatened with the publication of stolen data, as well as Distributed Denial of Service against their network,” the ACSC added.

Avaddon dates to around June last year and was first detailed in July by Trend Micro Inc. Avaddon ransomware attacks are typically propagated through emails with a JavaScript attachment. Once the attachment is downloaded and run, it users a PowerShell command and the BITSAdmin command-line tool to download and run the ransomware payload.

At this point, users have their wallpaper changed to an image that states that “all your files have been encrypted” and told to read a ransomware note. The note provide instructions on how the affected users can recover their encrypted files.

Photo: Kokky92/Wikimedia Commons

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

- Advertisement -spot_img

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -spot_img

Latest article