Last week the French branch of cyberinsurance company AXA said it would no longer write policies to cover ransomware payments. Shortly after this announcement, the company’s operations in Thailand, Malaysia, Hong Kong, and the Phillippines were hit by… ransomware.
AXA Cyberinsuarance Company Hit by Avaddon Ransomware
Apparently, the company was attacked by the Avaddon ransomware, as evident by the operators’ post on their website. It seems that the ransomware stole 3 terabytes worth of data, including customers’ personally identifiable information (PII), medical records, hospital bills, and claims.
According to a report by Financial Times, AXA shared that the compromised data was processed in a unit known as Inter Partners Asia based in Thailand. Fortunately, there is no evidence to indicate that any further data was breached.
AXA Phillippines shared on its Facebook page that its MyAXA web portal was currently “experiencing technical issues”, and that customers with urgent concerns should contact the company’s customer care hotline.
The amount of ransom demanded by the Avaddon gang hasn’t been revealed, and it’s not known whether the company has decided to pay.
More about Avaddon Ransomware
Avaddon ransomware is a dangerous cryptovirus, mainly utilizing the .avdn file extension. The ransomware has several iterations that append other extensions to encrypted files, such as .BCCaEaadBA and .bcBDBbAEDb.
Commonly, the ransomware drops a ransom money note, called README.TXT, extorting victims to pay a ransom for a decryption key. The Avaddon operators have been known to use macro-infected documents in Microsoft Excel to infect its victims, in phishing attacks spreading the ransomware.