Chubb, a leading global insurance and reinsurance provider, is investigating an alleged Maze ransomware attack. The incident may involve unauthorized access to data held by an outside service provider. Cybercriminals claim to have encrypted the company in March 2020.
Exclusive Discounts for Maze Ransomware Victims
Maze ransomware is a cryptovirus. This type of virus encrypts files on business computer systems and then asks for the payment of a ransom, usually in bitcoin, to recover the files. On 18 March 2020, the “Maze Team” published a press release on various online communications stating they now offer a discount to affected organizations.
“Due to situation with incoming global economy crisis and virus pandemic, our Team decided to help commercial organizations […]. We are starting exclusive discounts season for everyone who have faced our product. Discounts are offered for both decrypting files and deleting of leaked data.” The message also states that their hackers will not target medical organizations until the coronavirus crisis has passed.
Operators of Maze ransomware are claiming that they encrypted devices on Chubb’s network in March 2020. As a warning, they posted a note on their “News” site, including the names and email addresses of three senior Chubb executives. This is usually done to encourage companies to pay. If a company is hesitant with paying the ransom, cybercriminals usually publish an increasing amount of stolen data on their website.
Chubb Insurance is Investigating Security Incident
Chubb confirmed that they are investigating the incident. In a statement to BleepingComputer, the insurance company said that “they have no evidence that the incident affected Chubb’s network”. Chubb’s network remains fully operational and they continue to service all policyholders’ needs.
The information the Maze ransomware operators posted so far (i.e. names and email addresses) is information that is publicly available. So far, the cybercriminals have not published any sensitive or allegedly stolen information. Chubb also confirmed they did not find any proof that their systems were compromised. However, the security incident may involve unauthorized access to data held by an outside service provider. The insurer is working with law enforcement and cybersecurity experts to investigate the incident.
On the other hand, another cybersecurity intelligence firm, Bad Packets, found five vulnerable Chubb (NetScaler) servers. These have been used in the past by hackers to install ransomware.
FBI Warned Companies
Maze is only one of a number of cryptoviruses. Another one is Nemty. This strain of ransomware is designed to attack entire networks rather than individual systems.
The tactic of leaking stolen data was first used by Maze ransomware operators in December 2019. Unfortunately, other cybercriminals are now intent on using the same strategy.