Cybercriminals have hit four Asian subsidiaries of the Paris-based insurance company AXA with a ransomware attack, impacting operations in Thailand, Malaysia, Hong Kong and the Philippines, AP reported.
The criminals claimed to have stolen 3 terabytes of data including medical records and communications with doctors and hospitals.
AXA Partners, the Paris insurer’s international arm, offered few details of the Asia attacks. It said in a brief statement Sunday that their full impact was being investigated and that steps would be “taken to notify and support all corporate clients and individuals impacted.” It said the attack was recent, but did not specify when exactly. It said data in Thailand was accessed and that “regulators and business partners have been informed.”
Financial Times reported that attackers used a ransomware variant called Avaddon. In a post on their darknet leak site including some document samples, they claim to have stolen 3 terabytes of data including medical records, customer IDs and privileged communications with hospitals and doctors. Avaddon threatened to leak “valuable company documents” in 10 days if the company did not pay an unspecified ransom.
AXA, among Europe’s top five insurers, said this month that it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.
The insurer said at the time that it was suspending the option in France only in response to growing concern that such reimbursements encourage cyber criminals to demand ransom from companies they prey on, crippling them with malware. Once victims of ransomware pay up, criminals provide software keys to decode the data.
Last year, ransomware reached epidemic levels as criminals increasingly turned to “double extortion,” stealing sensitive data before activating the encryption software that paralyzes networks and threatening to dump it online if they don’t get paid.