It appears that a leading insurance provider has been targeted by a notorious ransomware group, which is now threatening to release information stolen from the company if it doesn’t pay up.
Chubb Insurance, which offers cyber-policies as well as other types of insurance, has ironically become the newest company targeted by the group known as ‘the Maze’.
When organisations have been infected with Maze ransomware, they are listed on the group’s so-called ‘News’ site, which no one is advised to visit, and where they are given notice that stolen records will be published unless they ‘pay up’.
It’s a new but popular tactic used by ransomware gangs to force payment even if the victim has backups.
The group claimed on its site that Chubb was “locked” at some point in March. It published the emails of the firm’s CEO, COO and vice-chairman as so-called ‘evidence’ of its intent, although, puzzlingly, the insurer has claimed its systems remain untouched.
“We are currently investigating a computer security incident that may involve unauthorized access to data held by a third-party service provider. We are working with law enforcement and a leading cybersecurity firm as part of our investigation,” it explained in a released statement.
“We have no evidence that the incident affected Chubb’s network. Our network remains fully operational and we continue to service all policyholder needs, including claims. Securing the data entrusted to Chubb is a top priority for us. We will provide further information as appropriate.”
However, security researchers have discovered unpatched vulnerabilities at the firm which could theoretically have afforded a route to ransomware infection.
Citrix Netscaler servers
Bad Packets Report claimed last week to have found five exposed Citrix Netscaler servers, after scanning for the CVE-2019-19781 vulnerability.
The flaw in Citrix Application Delivery Controller (ADC) and Citrix Gateway could allow an unauthenticated attacker to perform arbitrary code execution. It’s been linked to multiple ransomware attacks including one on a German car parts manufacturer.
That nefarious organisations should seek to ‘ramp up’ their illegal activities at a time when the entire world is fighting for survival is indicative of the utter moral bankruptcy of the individuals concerned, we believe. If caught, they should face the severest of consequences. In our opinion, it is analogous to sabotage of vital infrastructure in a time of war.