AXA Faces DDoS After Ransomware Attack

Insurance giant AXA could face a barrage of DDoS attacks if it refuses to engage with a ransomware group that claims to have stolen terabytes of data from some of its Asia customers.

It emerged over the weekend that partners of the French multinational had been struck by the Avaddon variant, which claimed to have encrypted data in Thailand, the Philippines, Hong Kong and Malaysia.

The group also claimed to have stolen 3TB of highly sensitive data including customer HIV and STD reports, customer and doctor ID documents and bank account details, and much more.

According to the post on its leak site, republished by Heimdal Security, the insurance group has 10 days from Saturday before Avaddon launches DDoS attacks on its network, in a bid to force payment.  

Some passport details touted as part of the breach have already been leaked, as is customary, to show the group means business.

The incident comes just days after AXA announced a new policy in France whereby it would no longer reimburse customers for any ransomware payments made to threat groups. The stance had been praised by security experts who believe that cyber-insurance payments are perpetuating the global problem of ransomware.

ImmuniWeb founder and CEO, Ilia Kolochenko, argued that the jurisdictions affected have weaker data protection regulations than Europe.

“The financial and legal consequences of the breach in the EU or Singapore would have been much higher,” he added. “This incident also emphasizes the importance of a third-party risk management program to protect corporate data.”

Martin Jartelius, CSO of Outpost24, added that the size of the claimed data haul is particularly worrying in an age when privacy-by-design should be paramount.

“Ransomware and targeted breaches are a threat to all organizations and can be extremely difficult to protect against. But here the leaked information, and the existence of such information to leak, is more concerning,” he said.

“As always when someone prepared to commit crimes to get money give you a promise not to release in the case money is awarded, there is little to nothing to support that they will not be back asking for more money again, and again.”

What’s Hot on Infosecurity Magazine?