AXA, one of the world’s biggest cyber insurance companies, was hit with a ransomware attack at its offices in Asia by the Avaddon ransomware gang.
The targeted ransomware attack disrupted theIT operations in Thailand, Malaysia, Hong Kong, and the Philippines. According to an AXA spokesperson, certain data processed by Inter Partners Asia in Thailand has been accessed, but there was no evidence of any other data being accessed.
A forensic team has been employed to investigate the incident and the insurance company has notified business partners and regulators while it prepares to support all of the clients who may have been impacted.
The Avaddon group posted on its dark web site that it has taken three terabytes of data from AXA Group and that the files include information such as passports, ID cards, denied reimbursements, contracts, customer claims, payments to customers, bank account information, files from hospitals about fraud investigations and medical reports that had sensitive information about patients. They even posted samples of the data.
The post about their latest victim on the dark web page includes the list of targets as well as timers for how long each victim has until ransom will be demanded.
The companies on the list include AXA Group, computer hardware company EVGA, software company Vistex, insurance broker Letton Percival, Henry Oil & Gas, the Indonesian government’s airport company PT Angkasa Pura I, and Acer Finance.
If AXA does not make the payment, the Avaddon members will begin leaking the company’s documents.
Since their discovery in June 2020, the Avaddon gang has published data on dozens of victims on their dark web site. Avaddon also maintains an affiliate program where they recruit hackers from underground forums to deploy their ransomware.