Ransomware attack hits 4 Asian countries of AXA subsidiary

PARIS -- A targeted ransomware attack hit four countries among the Asian operations of AXA Partners, the international subsidiary of AXA insurance group, with some data in Thailand accessed, AXA Partners said. The criminals claimed to have stolen 3 terabytes of data, including medical records and communications with doctors and hospitals.

The attack and its full impact were being investigated. If the investigation “confirms that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,” the company said in a brief statement Sunday. It noted the attack was recent, but did not specify when exactly it occurred.

The ransomware attack impacted information technology operations in Thailand, Malaysia, Hong Kong and the Philippines, the statement said. “As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed,” it said.

The statement added that “regulators and business partners have been informed.”

News of the Asia attack was first reported by the Financial Times.

The Russian-speaking attackers used a ransomware variant called Avaddon. In a post on their darknet leak site including some document samples, they claim to have stolen 3 terabytes of data including medical records, customer IDs and privileged communications with hospitals and doctors.

Avaddon threatened to leak “valuable company documents” in 10 days if the company did not pay an unspecified ransom.

The top victims of ransomware are in the United States, followed by France, experts say. The extent of damage, and payouts, in Asian countries was not immediately clear. Like most top ransomware purveyors, Avaddon programs its ransomware not to target computers with Russian-language keyboards and enjoys safe harbor in former Soviet states.

Ransomware attacks returned to headlines this month after hackers struck the United States’ largest fuel pipeline, the Colonial Pipeline, and the company shut it down for days to contain the damage.

The ransomware gangs that have had the biggest impact are so-called “big-game” hunters like Avaddon that identify and target lucrative victims. They work through affiliates who do most of the work. They rent their “ransomware-as-a-service” to partners they recruit on darknet crime forums and divide the profits.