The Avaddon ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA's Asian operations. Additionally, BleepingComputer observed an ongoing Distributed Denial of Service (DDoS) attack against AXA's global websites, making them inaccessible for some time.
The compromised data obtained by Avaddon, according to the group, includes customer medical reports (exposing their sexual health diagnosis), copies of ID cards, bank account statements, claim forms, payment records, contracts, and more. The announcement from the group comes roughly a week after AXA stated that they would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France.
Lior Div, CEO and Co-founder, Cybereason, has offered the following comment: "Unfortunately, AXA is in the long line of companies suffering from a ransomware attack. While it will take some time to learn the specifics of this newest attack, it is important to remind everyone ransomware attacks can be disrupted and stopped before they have a material impact on an organization by using endpoint detection and remediation software.
In fact, the Biden Administration issued an Executive Order (EO) last week on combating ransomware and broader cybersecurity threats to critical infrastructure across federal and local agencies. Endpoint detection and remediation software was prescribed as a solution in the EO. Just a few years ago, many organizations implemented off-site data backup and recovery solutions with the notion that, in the case of a ransomware attack, they could confidently rebuff the attackers’ ransom demand and focus their mitigation efforts on restoring their systems from the backups. This was a pretty solid strategy until ransomware purveyors evolved their methods to include alternative means to pressure organizations into paying up - hence the emergence of the Double Extortion tactic.
Cybereason strongly recommends against paying ransom demands as our recent research shows that more than half the companies that pay a ransom are hit a second time. However, each ransomware attack is unique to the impacted organization. The attack group, jeopardized data set, and potentially impacted third party are somewhat unique to every situation. Organizations often deliberate long and hard before deciding to meet the ransom demands. A company’s lawyers and insurer will be involved in the decision to pay the ransom. Companies make decisions based on what they think is in the best interest of the company, its customers and shareholders."