2 min read

Cybersecurity insurance firm Chubb investigates its own ransomware attack

Graham CLULEY

March 27, 2020

Cybersecurity insurance firm Chubb investigates its own ransomware attack

A notorious ransomware gang claims to have successfully compromised the infrastructure… of a company selling cyberinsurance.

The Maze ransomware group says it has encrypted data belonging to Chubb, which claims to be one of the world’s largest insurance companies, and is threatening to publicly release data unless a ransom is paid.

The announcement by the cybercrime gang was published on Maze’s website, where it lists what it euphemistically describes as its “new clients”.

Maze’s normal modus operandi is to compromise an organisation, steal its data, infect the network with its ransomware, and post a pre-announcement on its website as a warning to the corporate victim that if they do not pay a ransom their stolen data will be be published on the internet.

At the time of writing, Maze has published no proof that it has successfully infected Chubb’s systems. It has published the email addresses of its Chief Executive, Vice Chairman, and Chief Operating Officer, but this is information which could have been easily obtained through other means than hacking.

When asked to provide more information, the Maze group is currently keeping its lips sealed – presumably waiting to see if Chubb will pay a ransom.

For its part, Chubb told Bleeping Computer that – with the help of cybersecurity experts and law enforcement agencies – it was investigating whether hackers might have stolen data from a third-party service provider as it has not found any evidence that its own network has been compromised:

“We are currently investigating a computer security incident that may involve unauthorized access to data held by a third-party service provider. We are working with law enforcement and a leading cybersecurity firm as part of our investigation. We have no evidence that the incident affected Chubb”s network. Our network remains fully operational and we continue to service all policyholder needs, including claims. Securing the data entrusted to Chubb is a top priority for us. We will provide further information as appropriate.”

Whether it was Chubb or one of its external partners remains to be seen, but the mention of Chubb on Maze’s list of “new clients” was enough to prompt security researchers to explore the state of Chubb’s security – with some discovering that the company appeared to have left RDP open for anyone to access via the internet, and that the firm was using unpatched Citrix Netscaler servers (commonly exploited in past Maze ransomware attacks)

More and more companies are choosing to take out commercial cyberinsurance policies to mop up some of the costs if they are hit by ransomware and other forms of hacker attacks. For a large company selling cyberinsurance to potentially be one of the latest ransomware victims is particularly ironic, and sends a warning to all firms not to be complacent about the threat.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read