Insurance firm Chubb allegedly hit by Maze Ransomware

Leading cyber security insurance provider Chubb was recently targeted by the Maze ransomware group, which claims to have encrypted the firm's systems and has threatened to release stolen data if a ransom is not paid.

Chubb is a leading provider of cyber insurance products, dealing with forensics, incident response and investigation costs, data loss and restoration, crisis communications and public relations among other things.

In a recent statement, the Maze ransomware group claimed it has encrypted Chubb's devices and that it will share proof soon. It has also threatened to release personally identifiable information (PII) stolen from Chubb's systems if the insurer does not agree to meet its demand.

Maze hasn't published any of the data yet; however, the group has released the email addresses of executives such as CEO Evan Greenberg, COO John Keogh, and Vice Chairman John Lupica. These may not be enough to confirm that Chubb was targeted, as the email addresses are readily available on public websites.

In a statement to BleepingComputer, a Chubb spokesman said that the company is investigating whether there has been an actual data breach, as it hasn't identified any such incident yet.

"We are currently investigating a computer security incident that may involve unauthorized access to data held by a third-party service provider. We are working with law enforcement and a leading cybersecurity firm as part of our investigation.

"We have no evidence that the incident affected Chubb's network. Our network remains fully operational and we continue to service all policyholder needs, including claims. Securing the data entrusted to Chubb is a top priority for us. We will provide further information as appropriate," Chubb told BleepingComputer.

Commenting on the claims made by Maze, Darren Wray, CTO at data privacy experts Guardum, told TEISS, “Organisations are having to constantly adjust to new threats. Viral ransomware is a particularly nasty approach that has proven successful for a number of groups; this is made all the worse by attackers extracting data to make public.

"All firms need to be learning from such attacks and taking the risks very seriously, particularly those in high-profile sectors such as insurance companies, which are targeted because they are rich and not particularly well liked.

"These steps should include having the right processes, procedures and practices in place for new and evolving scenarios. This includes making sure that personal and commercial information is protected and where appropriate redacted to ensure that even if documents are stolen and exfiltrated out of the building that they are of limited use to any attacker.”

James McQuiggan, Security Awareness Advocate at KnowBe4, also shared his views with TEISS, stating that an organisation's security is only as strong as the weakest third party's security programme. If third parties' security programmes are not as robust as the leading organisation's, they are all susceptible to attack.

"Organisations not only need to focus their security efforts on their own applications, infrastructure and employees, but also those that interact with their digital supply chain. An organisation with a strong and robust security program that can train their employees, assess their ability to spot a social engineering phishing scam and report it, then verify that the third party companies provide the same, can help to effectively prevent a ransomware attack."

Maze was also in the news last week for encrypting the systems of Hammersmith Medicines Research and publishing personal information of more than 2,300 patients after the medical research firm was unable to meet the group's ransom demands.
