18 May 2021

French insurance giant AXA hit by a ransomware attack


French insurance giant AXA hit by a ransomware attack

AXA’s Asia Assistance division has suffered a ransomware attack which impacted IT operations in Thailand, Malaysia, Hong Kong and the Philippines. The attack comes days after AXA, one of the world's biggest cyber insurance companies, announced it will stop paying for ransomware crime payments in France.

At the time AXA said that the decision was made in response to concerns aired by French justice and cybersecurity officials about the devastating global epidemic of ransomware.

The perpetrator behind the ransomware attack on AXA appears to be the Avaddon ransomware gang. In a dark web post the group claimed responsibility for the incident and said that they stole over 3 TB of data from the company, including ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, payments to customers, contracts and reports, all customers IDs and all customers bank account scanned papers, customer medical reports (including HIV, hepatitis, STD, and other illness reports), and other info.

AXA has confirmed that the intruders may have stolen some information from its systems, but the company believes only data processed by Inter Partners Assistance in Thailand was accessed.

Earlier this month, the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) have issued the alerts warning of an ongoing Avaddon ransomware campaign targeting organizations in a variety of sectors across the world.


Back to the list

Latest Posts

Cyber security week in review: August 5, 2022

Cyber security week in review: August 5, 2022

The cybersecurity world in brief: Two crypto platforms targeted in multimillion-dollar attacks, hackers exploited an Atlassian Confluence bug to install a never-before-seen backdoor, and more.
5 August 2022
Threat actors exploit Atlassian Confluence bug to install a never-before-seen backdoor

Threat actors exploit Atlassian Confluence bug to install a never-before-seen backdoor

Ljl Backdoor is a fully-featured malware designed to gather files and user accounts, as well as system information.
4 August 2022
Thousands of Solana wallets drained in yet another multimillion exploit

Thousands of Solana wallets drained in yet another multimillion exploit

More than 8,000 wallets have been affected in the hack.
3 August 2022