Maze Authors Claim to Have Hit Insurer Chubb

A leading insurance provider appears to have been targeted by a notorious ransomware group, which is threatening to release information stolen from the company if it doesn’t pay up.

Chubb Insurance, which offers cyber-policies as well as other types of protection, has become the latest company singled out by the Maze group.

Once organizations have been infected with Maze ransomware the group lists them on its dedicated ‘News’ site, which Infosecurity won't link to, where they are given notice that stolen records will be published unless the ransom is paid.

It’s a relatively new but increasingly popular tactic used by ransomware gangs to force payment even if the victim organization has backed-up.

The group claimed on its site that Chubb was “locked” at some point in March. It included the emails of the firm’s CEO, COO and vice-chairman as ‘evidence’ of its intent, although the insurer has claimed its systems remain untouched.

"We are currently investigating a computer security incident that may involve unauthorized access to data held by a third-party service provider. We are working with law enforcement and a leading cybersecurity firm as part of our investigation,” it said in a statement.

“We have no evidence that the incident affected Chubb’s network. Our network remains fully operational and we continue to service all policyholder needs, including claims. Securing the data entrusted to Chubb is a top priority for us. We will provide further information as appropriate.”

That said, security researchers have discovered unpatched vulnerabilities at the firm which could theoretically have provided a route to ransomware infection.

Bad Packets Report claimed last week to have found five exposed Citrix Netscaler servers, after scanning for the CVE-2019-19781 vulnerability.

The flaw in Citrix Application Delivery Controller (ADC) and Citrix Gateway could allow an unauthenticated attacker to perform arbitrary code execution. It’s already been linked to multiple ransomware attacks including one on a German car parts manufacturer.

What’s Hot on Infosecurity Magazine?