PARIS -- A targeted ransomware attack hit four countries among the Asian operations of AXA Partners, the international subsidiary of AXA insurance group, with some data in Thailand accessed, AXA Partners said. The criminals claimed to have stolen 3 terabytes of data, including medical records and communications with doctors and hospitals.
The attack and its full impact were being investigated. If the investigation “confirms that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,” the company said in a brief statement Sunday. It noted the attack was recent, but did not specify when exactly it occurred.
The ransomware attack impacted information technology operations in Thailand, Malaysia, Hong Kong and the Philippines, the statement said. “As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed,” it said.
The statement added that “regulators and business partners have been informed.”
News of the Asia attack was first reported by the Financial Times.
The Russian-speaking attackers used a ransomware variant called Avaddon. In a post on their darknet leak site including some document samples, they claim to have stolen 3 terabytes of data including medical records, customer IDs and privileged communications with hospitals and doctors.
Avaddon threatened to leak “valuable company documents” in 10 days if the company did not pay an unspecified ransom.
AXA, among Europe’s top five insurers, said this month that it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. The Paris-based group said it was suspending the option in France only in response to growing concern that such reimbursements encourage cyber criminals to demand ransom from companies they prey on, crippling them with malware. Once victims of ransomware pay up, criminals provide software keys to decode the data. Last year, ransomware reached epidemic levels as criminals increasingly turned to “double extortion,” stealing sensitive data before activating the encryption software that paralyzes networks and threatening to dump it online if they don't get paid.
The top victims of ransomware are in the United States, followed by France, experts say. The extent of damage, and payouts, in Asian countries was not immediately clear. Like most top ransomware purveyors, Avaddon programs its ransomware not to target computers with Russian-language keyboards, and it enjoys safe harbor in former Soviet states.
Ransomware attacks returned to headlines this month after hackers struck the United States’ largest fuel pipeline, the Colonial Pipeline, and the company shut it down for days to contain the damage.
The ransomware gangs that have had the biggest impact are so-called “big-game” hunters like Avaddon that identify and target lucrative victims. They work through affiliates who do most of the work. They rent their “ransomware-as-a-service” to partners they recruit on darknet crime forums and divide the profits.