CNA Financial Ransomware Attack

In March, CNA Financial, one of the largest insurance providers in the U.S., was disrupted by a ransomware attack. The company had to disconnect systems and services for several days to prevent the attack’s spread, demonstrating the debilitating impact of ransomware.

Affected vertical: Financial services, specifically insurance.

MITRE Tactics:

  • Initial Access (TA0001): The adversaries likely gained access to the network through phishing, exploitation of public-facing applications, or other means.
  • Execution (TA0002): The ransomware was executed on CNA’s servers, encrypting critical files and disrupting operations.
  • Persistence (TA0003): The ransomware ensured its continued presence on the infected system.
  • Privilege Escalation (TA0004): The ransomware likely exploited vulnerabilities to gain high-level privileges.
  • Impact (TA0040): The attack caused a significant disruption to CNA’s operations, requiring system shutdowns to mitigate the threat.

Further Reading: