Ransomware Attack Hits AXA Units in Asia, Irish Healthcare

May 18, 2021 Updated: May 18, 2021

A cyberattack has left Asian units of AXA, a Paris-based insurance company, crippled, part of a wave of so-called ransomware breaches on company networks around the world.

A ransomware hacker targeted Asia Assistance, also known as Inter Partners Assistance, in Thailand, Malaysia, Hong Kong, and the Philippines, AXA said Tuesday.

The attackers were able to access certain data, which was not specified, in Thailand. There is no evidence the attacks infiltrated networks elsewhere.

“A dedicated task force, with external forensic experts, is investigating the incident. Since the incident, systems have been restored and regulators and business partners have been informed,” the company added.

AXA declined to answer when asked whether any money had been paid to the attackers.

Ransomware is a type of malicious software, or malware, that attackers use to freeze access to computer files, systems, or networks before demanding payment to unlock the data.

Victims can find themselves locked out after any of a range of actions, such as opening an email attachment, clicking an advertisement, or visiting certain websites.

“Most of the time, you don’t know your computer has been infected. You usually discover it when you can no longer access your data or you see computer messages letting you know about the attack and demanding ransom payments,” according to the FBI.

A wave of ransomware attacks has been carried out against high-profile entities in recent weeks. Attackers hit Colonial Pipeline in the United States, leading to a major fuel artery going offline; hospital information systems in New Zealand; and Ireland’s health system.

Colonial reportedly paid $5 million in ransom. The company declined to confirm or deny those reports. Ireland is refusing to pay the attackers, reportedly a Russian-speaking group called Conti that wants $20 million.

Only about 8 percent of victims who pay the ransom get their data back, according to Sophos.

Avaddon was tagged as the AXA attacker. DarkSide’s ransomware was used to attack Colonial; DarkSide said it was disbanding in the wake of the attack.

Ireland Health Service Executive Colm Henry said that the health system’s entire IT system was shut down as a precaution in the wake of the attack. Systems started being restored on Tuesday as an impact assessment continued.

“There are serious concerns about the implications for patient care arising from the very limited access to diagnostics, lab services, and historical patient records,” he said.

Waikato District Health Board Chief Executive Kevin Snee told Stuff, a New Zealand publication, that the attackers would not receive payment.

The attack impacted all district hospitals, forcing them to accept only urgent patients and to postpone some elective surgeries.

“We’re working hard to resolve the issue,” Snee said in a Facebook video.

Ransomware attacks have been on the rise in recent months, with more money garnered by attackers, authorities say.

The number of attacks reported to the FBI’s Internet Crime Complaint Center increased to 2,474 in 2020. Globally, the total cryptocurrency value received by addresses linked to ransomware jumped from under $100 million to over $400 million, according to Chainalysis.
