It comes a week after the insurer said it would be dropping extortion payments when underwriting cyber-insurance policies in France

Asian branches of insurance giant AXA have been struck by a ransomware cyber attack. The intrusion, which has affected its businesses in Thailand, Malaysia, Hong Kong, and the Philippines, comes a week after AXA announced it would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France.

The Avaddon ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA’s Asian operations. These facilities were also hit by a DDoS [distributed denial of service] attack. 

The compromised data obtained by Avaddon, according to the group, includes customer medical reports, copies of ID cards, bank account statements, claim forms, payment records, contracts, and more. 

AXA says that there is no evidence that data was accessed beyond that of Inter Partners Asia, a partner assistance company, in Thailand.

The company has deployed a task force, with third-party forensic experts, to investigate and determine the full scope of the incident. 

“Insurance companies can be valuable targets for cyber criminals as they are holders of personal identifiable information, personal identifiable health information, payment data, or intellectual property,” according to Fitch Ratings. ”Cyber insurance underwriters also have customer lists and cyber policy limits.”

The rating agency said it would ”monitor for any potential financial, operational, and reputational effects as the event is resolved. Future negative rating implications are unlikely, but cannot be completely ruled out given uncertainty surrounding the duration of the event and its ultimate outcomes.”

According to Lior Div, CEO and co-founder, Cybereason: “Unfortunately, AXA is in the long line of companies suffering from a ransomware attack. While it will take some time to learn the specifics of this newest attack, it is important to remind everyone ransomware attacks can be disrupted and stopped before they have a material impact on an organisation by using endpoint detection and remediation software.”

The emergence of the Double Extortion tactic has added to the complexity of the risk, with cybercriminals putting more pressure on organisations to pay up by threatening to release and/or sell their sensitive data on the Dark Web.

“Cybereason strongly recommends against paying ransom demands as our research shows that more than half the companies that pay a ransom are hit a second time, said Div. ”However, each ransomware attack is unique to the impacted organisation.”

”Organisations often deliberate long and hard before deciding to meet the ransom demands. A company’s lawyers and insurer will be involved in the decision to pay the ransom. Companies make decisions based on what they think is in the best interest of the company, its customers and shareholders.”

In the aftermath of the crippling ransomware attack on a major US fuel pipeline, the Biden Administration has issued an Executive Order (EO) on combating ransomware and broader cybersecurity threats to critical infrastructure across federal and local agencies.

The UK is taking a similar stance. Speaking at the National Cyber Security Centre virtual conference, UK home secretary Priti Patel said the government does not support ransom payments.

“Paying a ransom in response to ransomware does not guarantee a successful outcome, will not protect networks from future attacks, nor will it prevent the possibility of future data leaks. In fact, paying a ransom is likely to encourage criminality to continue to use this approach.”