AXA’s Asia Assistance division has suffered a ransomware attack which impacted IT operations in Thailand, Malaysia, Hong Kong and the Philippines. The attack comes days after AXA, one of the world's biggest cyber insurance companies, announced it will stop paying for ransomware crime payments in France.
At the time AXA said that the decision was made in response to concerns aired by French justice and cybersecurity officials about the devastating global epidemic of ransomware.
The perpetrator behind the ransomware attack on AXA appears to be the Avaddon ransomware gang. In a dark web post the group claimed responsibility for the incident and said that they stole over 3 TB of data from the company, including ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, payments to customers, contracts and reports, all customers IDs and all customers bank account scanned papers, customer medical reports (including HIV, hepatitis, STD, and other illness reports), and other info.
AXA has confirmed that the intruders may have stolen some information from its systems, but the company believes only data processed by Inter Partners Assistance in Thailand was accessed.
Earlier this month, the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) have issued the alerts warning of an ongoing Avaddon ransomware campaign targeting organizations in a variety of sectors across the world.