Insurance firm AXA hit by Avaddon ransomware gang

A ransomware attack has targeted four Asian subsidiaries of the Paris-based insurance firm AXA, affecting operations in Thailand, Malaysia, Hong Kong, and the Philippines, according to the insurer.

 

The Avaddon ransomware gang claimed to have stolen three terabytes of information, including medical records and correspondence with doctors and hospitals.

 

Customer medical reports (revealing their sexual health diagnoses), copies of ID cards, bank account statements, claim forms, payment records, contracts, and more were among the data stolen by the Avaddon ransomware gang, according to a report by BleepingComputer.

 

The ransomware announcement comes less than a week after AXA announced that it would no longer reimburse ransomware extortion payments while underwriting cyber-insurance policies in France.

 

The group claims to have obtained 3 TB of data belonging to AXA, including:

 

  • customer medical reports (including those containing sexual health diagnoses)
  • customer claims
  • payments to customers
  • customers’ bank account scanned documents
  • material restricted to hospitals and doctors (private fraud investigations, agreements, denied reimbursements, contracts)
  • identification documents such as national ID cards, passports, etc.

 

Source: BleepingComputer (Medical bill for a patient leaked by the group)

 

Avaddon’s disclosure of the attack on AXA’s infrastructure comes less than a week after AXA announced that ransomware extortion payouts will no longer be covered by cyber-insurance policies written in France.

 

Avaddon has started leaking some of the stolen data on its leak site, as verified by BleepingComputer. However, the exact date of the attack is not known.

 


 

Avaddon also threatened to leak AXA’s important records if the insurance firm did not meet and comply with the group’s demands within ten days.

 

AXA’s websites in Thailand, Malaysia, Hong Kong, and the Philippines were also allegedly under an aggressive DDoS attack, according to the group.

 

Source: BleepingComputer (AXA’s Asia-based websites were timing out yesterday when accessed by BleepingComputer)

 

“At present, there is no evidence that any further data was accessed beyond IPA (Inter Partners Assistance) in Thailand”, an AXA spokesperson told BleepingComputer.

 

As of now, AXA has not said anything about the ransom amount demanded by Avaddon.

 

Ransomware attacks on businesses are on the rise, causing chaos for many, with attackers demanding outrageously high ransom payments.

 

The DarkSide cybercrime group recently demanded $5 million to reopen the Colonial Pipeline system.

 

And, just this week, Ireland’s Health Service Executive had to shut down its IT system after suffering a major ransomware attack.