Report: Insurance Company CNA Financial Paid $40M to Ransomware Hackers

3141456 06/28/2017 IT systems in several countries have undergone a global ransomware attack. Alexey Malgavko/Sputnik Alexey Malgavko / Sputnik
Alexey Malgavko / Sputnik/AFP

CNA Financial, one of the largest insurance companies in the United States, reportedly paid $40 million to hackers that hijacked their systems in a ransomware attack that occurred in late March.

Bloomberg reports that CNA Financial, one of the largest insurance companies in the United States, paid $40 million to hackers in late March in order to regain control of its network following a ransomware attack.

The Chicago-based firm paid the hackers around two weeks after a huge trove of company data was stolen and CNA officials were locked out of their network. This information comes from two sources who asked not to be named as they weren’t authorized to discuss the matter publicly.

In a statement, a CNA spokesperson said that the company followed the law. The spokesperson stated that the company consulted and shared intelligence about the attack and hacker’s identity with the FBI and the Treasury Department’s Office of Foreign Assets Control, which said last year that facilitating ransom payments to hackers could pose sanctions risks.

CNA spokesperson Cara McCall stated: “CNA is not commenting on the ransom. CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.”

In a security incident updated published on May 12, CNA stated that it did “not believe that the systems of record, claims systems, or underwriting systems, where the majority of policyholder data – including policy terms and coverage limits – is stored, were impacted.”

The average payment to hackers due to ransomware attacks in 2020 was $312,493, according to Palo Alto Networks which represents a 171 percent increase from 2019. The $40 million payment by CNA is larger than any previously disclosed payments to hackers, according to three people familiar with ransomware negotiations.

The CNA hackers reportedly used malware called Phoenix Locker, a variant of ransomware dubbed “Hades.” Hades was created by a Russian cybercrime syndicate known as Evil Corp., according to cybersecurity experts. Evil Corp. was sanctioned by the United States in 2019.

CNA stated that its investigation found that the hackers were a group called Phoenix that isn’t subject to U.S. sanctions.

Ransomware attacks have increased in recent months, recently the Colonial Pipeline was hit with a major ransomware hack, halting the distribution of fuel on the East Coast of the U.S. Breitbart News has since reported that Colonial Pipeline paid around $5 million to hackers to regain access to their systems.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address


Please let us know if you're having issues with commenting.