AXA Insurance has suffered a massive ransomware attack by the Avaddon ransomware that impacted 4 of its Asian divisions.

Stealing data of AXA Insurance subsidiaries:

The ransomware attack impacting AXA insurance was directly experienced by its Asia Assistant Divisions in Thailand, Hong Kong, the Philippines, and Malaysia 

Reportedly, the ransomware attack in AXA insurance led to the leakage of 3TB of data

“As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed,” noted AXA insurance said on Sunday.

The insurance corp has also added that there is currently no evidence of further data access. 

Details regarding the demands of ransom are yet to be disclosed as well.

Also read,

Malicious Avaddon ransomware

The perpetrators behind the AXA Insurance are alleged to be the Avaddon ransomware which has the malicious capabilities to compromise data via data theft, data encryption while threatening to be made public. 

The Avaddon ransomware group claims that the 3TB of data that was stolen also included highly sensitive data like screenshots of ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, payments to customers, contract and reports, bank account scanned papers, hospital and doctor reserved material (private investigation for fraud) and customer medical reports including HIV, hepatitis, STD and other illness reports.

Subsequently, a limited number of  AXA’S French customers were offered to suspend the writing of insurance policies that refund the cost of random payments from cyberattacks.

FBI on the malicious ransomware gang:

The attack by Avaddon comes just under a week since both the U.S. The Federal Bureau of Investigation(FBI) and the Australian Cyber Security Centre issued warnings that an Avaddon campaign was targeting organizations worldwide.

According to the FBI, Avaddon ransomware affiliates are mainly trying to breach the networks of manufacturing, healthcare, and other private sector organizations, while the ACSC said that the targets included government, finance, law enforcement, energy, information technology, and health.