Insurer AXA hit by ransomware and DDoS attacks

Branches in Malaysia, Thailand, Hong Kong and the Philippines attacked by Avaddon group

Asian branches of Paris-based insurer AXA have been hit by ransomware. The insurer reported the attack on Sunday, and ransomware group Avaddon has claimed to have stolen 3 TB of data from the insurance operations, including medical reports, ID information, bank account statements, claims forms, contracts and payment records, samples of which it posted to the dark web.

The branches attacked are located in Malaysia, Thailand, Hong Kong and the Philippines. These facilities were also hit by a DDoS attack, presumably by the same group. Avaddon has stated in the past that it will use DDoS attacks against its victims if they fail to pay.

A week ago, AXA announced it would no longer cover its French customers for ransomware attacks.

Cyber insurance has been blamed in part for companies fuelling the ransomware scourge because paying the perpetrators through their insurance policy is often the easiest option.

In March, a purported member of the REvil ransomware gang said that targeting organisations with cyber insurance is "one of the tastiest morsels". 'Unknown' said the gang likes to hack insurers first, then, after working through their customer list, return to hit those insurers with a destructive attack.

The Financial Times, citing 'a person familiar with the matter', said the ransomware attack on AXA happened before it decided to change its approach for French customers.

Commenting on the attack, Ilia Kolochenko, founder and CEO of ImmuniWeb and a member of Europol Data Protection Experts Network, said AXA could count itself fortunate that the attack had not happened in Europe.

"Luckily for AXA, most of the allegedly affected … have much weaker data protection laws compared to GDPR in Europe, or even have no national data protection law. The financial and legal consequences of the breach in the EU or Singapore would have been much higher."