Maze ransomware group claims to have encrypted cyber insurer Chubb's systems

Chubb rejects the ransomware group's claim, however, saying its network is fully operational

Commercial insurance firm Chubb, which also provides cyber security insurance, has allegedly been hit by a cyber attack.

According to BleepingComputer, Maze ransomware operators claim to have successfully attacked the systems of the insurance giant and to have stolen a large amount of personally identifiable information from them.

The group said that the attack was carried out in March 2020 and that they encrypted the computers on Chubb's network.

Maze has not yet released any of the stolen data publicly, according to BleepingComputer, except the email addresses of some executives, including CEO Evan Greenberg, Vice Chairman John Lupica, and COO John Keogh.

The ransomware operators refused to provide further details about the attack at this time.

In a statement, Chubb said that they were currently probing a computer security incident with the help of a leading cyber security firm and law enforcement agencies.

The company claimed it has found no evidence of a breach so far, and that the security incident might have involved unauthorised access to data held by a third-party service provider.

The company said that its network "remains fully operational" and it was able to serve "all policyholder needs" without any issue.

"We will provide further information as appropriate," the company said.

Commenting on the cyber incident, cyber security intelligence firm Bad Packets said that Chubb has been using many Citrix ADC servers that are vulnerable to the CVE-2019-19871 security flaw. Bad Packets said that hackers have exploited this particular bug in past months to install ransomware on networks.

Phobos Group's Dan Tentler also claimed that a Remote Desktop server being used by Chubb is publicly accessible from the internet.

Maze ransomware, which was allegedly used in the cyber attack against Chubb, not only encrypts all the devices in its path but, before doing so, also exfiltrates user files to malicious servers used by the ransomware operators.

The group then uses the data as leverage to demand a ransom from victims. If they refuse to pay up, their data can be published online by the group.

Last year, the FBI issued an advisory to alert businesses about a spike in Maze-related cyber incidents.

In January, Maze operators threatened to release the data stolen from several victims who had refused to pay the ransom, a strategy more and more ransomware groups have adopted.

Earlier in December, the group published on their website a subset of data stolen from wire and cable manufacturer Southwire after the company refused to cooperate with their $6 million ransom demand.

The group also published on its website the names of 25 victims that included Busch's Inc., BST & Co., Southwire, Lakeland Community College, RBC, Vernay, BILTON, Bakerwotring, THEONE, Groupe Igrec, Mitch Co International, Groupe Europe Handling, Fratelli Beretta, Auteuil Tour Eiffel, Randalegal, and MDL.