03-26-2021 , 07:22 PM
Insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group.
This week, BleepingComputer reported that CNA had suffered a cyberattack impacting their online services and business operations.
Soon after we reported on the attack, CNA issued a statement confirming that they had suffered a cyber attack last weekend.
"On March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack. The attack caused a network disruption and impacted certain CNA systems, including corporate email," CNA disclosed in a statement.
CNA hit by a ransomware attack
Since our first reporting, BleepingComputer has confirmed that CNA suffered an attack by a new ransomware known as 'Phoenix CryptoLocker.'
Sources familiar with the attack have told BleepingComputer that the threat actors deployed the ransomware on CNA's network on March 21, where it proceeded to encrypt over 15,000 devices.
BleepingComputer has learned that it also encrypted the computers of employees working remotely who were logged into the company's VPN at the time of the attack.
When encrypting devices, the ransomware appended the .phoenix extension to encrypted files and created a ransom note named PHOENIX-HELP.txt.