A ransomware attack has targeted four Asian subsidiaries of the Paris-based insurance firm AXA, affecting operations in Thailand, Malaysia, Hong Kong, and the Philippines, according to the insurer.
The Avaddon ransomware gang claimed to have stolen three terabytes of information, including medical records and correspondence with doctors and hospitals.
Customer medical reports (revealing their sexual health diagnosis), copies of ID cards, bank account statements, claim forms, payment records, contracts, and more were among the data stolen by Avaddon ransomware gang, according to a report by BleepingComputer.
The ransomware announcement comes less than a week after AXA announced that it would no longer reimburse ransomware extortion payments while underwriting cyber-insurance policies in France.
The group claims to have obtained 3 TB of data belonging to AXA including:
- customer medical reports (including those containing sexual health diagnosis)
- customer claims
- payments to customers
- customers’ bank account scanned documents
- material restricted to hospitals and doctors (private fraud investigations, agreements, denied reimbursements, contracts)
- Identification documents such as National ID cards, passports, etc.
Avaddon’s disclosure of the attack on AXA’s infrastructure comes less than a week after AXA announced that ransomware extortion payouts will no longer be covered by cyber-insurance policies written in France.
Avaddon started leaking some of the stolen data on their leak site, verified by BleepingComputer. However, the exact date of the attack is not known.
Avaddon also threatened AXA with leaking AXA’s important records if the insurance firm did not meet and comply with them within ten days.
AXA’s websites in Thailand, Malaysia, Hong Kong, and the Philippines were also allegedly under aggressive DDoS attack, according to the group.
“At present, there is no evidence that any further data was accessed beyond IPA (Inter Partners Assistance) in Thailand”, AXA spokesperson told BleepingComputer.
As of now AXA has not said anything about the ransom amount demanded by Avaddon.
Ransomware attacks on businesses are on the rise, causing chaos on many, with attackers demanding outrageously high ransom payments.
The DarkSide cybercrime group recently demanded $5 million to reopen the Colonial Pipeline system.
And, just this week, Ireland’s Health Service Executive had to shut down the IT system after suffering a major ransomware attack.