Axar’s Asian operations were attacked by ransomware

The Axa insurance group said one of the Asian business units was the victim of a “direct ransomware attack” after a cybercriminal group said it had found sensitive data on the company.

Axa Partners, the international arms dealer in Paris, said on Sunday some parts of Asian operations “were the victims of a ransomware attack that recently resulted in operations in Thailand, Malaysia, Hong Kong and the Philippines.”

In the first public appearance for the industry, Axa said last week that it would be so cancel the writing of cyber insurance policies which reimburse the cost of rescue payments made on cyber posters. The move, which was limited to the group’s French customers, has been blamed on insurers by some insurance officials for encouraging companies to pay such offers.

A person familiar with the matter said the ransomware attack occurred before Axis decided to change his approach.

Confirmation of Axis’ attack Cybercriminals using rescue software called Avaddon said on Saturday they had hacked the group’s Asian operations and stolen three terabytes of data, the Financial Times newspaper reported on a dark website.

According to the publication, the data were taken from units located in Thailand, the Philippines, Hong Kong and Malaysia and included customer personal identification information, medical records and claims, as well as hospital and medical data.

In addition, identity card and passport pages, bank documents, hospital bills and medical records of the patients ’personal health status also appeared, which the hackers appeared to share as evidence that the company was at risk.

The affected operations are located within Asia Support, which provides emergency support services, including health care, to other sections of the group. Axa Partners said the data processed at a unit in Thailand, Inter Partners Asia, had been put at risk, adding that “no data had been accessed”.

“A team of outside forensic experts is investigating the incident,” the company added, noting that regulators and business partners have been notified.

Axa said that “if the sensitive data of individuals has been damaged, the necessary measures will be taken to support all affected corporate and private customers.”

AXA Philippines said on its Facebook page that it had “technical issues” with the Emma by AXA PH app, the MyAXA web portal and the corporate website.

The news of the hack comes a week after the operation of the key ransomware US pipeline caused a shortage of fuel on the east coast. Ransomware attacks typically take control of victims ’data or computer systems to release them if they pay a fee.

Like many cybercrime posters, Avaddon maintains ransomware and leases it to others through a member program, reducing any of the proceeds from the attacks. According to cybersecurity experts At Malwarebytes, the FBI warned last week that an unnamed group was using Avaddon to escalate attacks on U.S. and foreign private sector companies, manufacturing groups and health agencies.

The Colonial Pipeline hack has sparked debate again as to whether there should be a general ban on paying ransom victims. The White House and the FBI recommend not paying extortion fees, arguing that blackmail only provides an incentive for further activity and funds criminal activity.

However, some cybersecurity experts say organizations have few options, and a ban could push gangs to weaker targets, such as hospitals.

A typical cyber insurance would cover the costs of rescuing itself, post-attack services and data, or restoring the business.

The latter is a “giant driver” of higher cyber insurance prices, according to Sarah Stephens Marsh, head of the international division of insurance agent. He said the ease of launching the attacks has caused an “epidemic” of ransomware incidents.

Cyber ​​insurance prices have risen in recent months as insurers pass on higher claims, with another agent Aon said in March that big insurance was expected to rise in 2021 and a 50% rate in 2021.

Stefania Palma with additional reports by Singapore and Primrose Riordan in Hong Kong and David Keohan in Paris