Chubb, one of the leading cyber insurance carriers in the world, was affected by a ransomware attack. The operators of the Maze ransomware claimed to have encrypted the company's data this month.
The company has several cyber insurance products, which include incident response, forensics, legal teams, and even public relations.
The ransomware operators stated on their Maze ‘News’ site that they encrypted devices on Chubb’s network in March 2020.
The Maze operators usually steal a company’s files before encrypting its network, then use the stolen files as leverage by threatening to release them publicly unless the ransom is paid.
After encrypting a victim's systems, Maze creates an entry on its news site warning the victim that its data will be published if it does not pay. If a victim fails to pay, the operators publish large amounts of the stolen data until it has all been released.
Maze has not published any of the allegedly stolen data, but the email addresses of executives such as CEO Evan Greenberg, COO John Keogh, and Vice Chairman John Lupica were included. This information, however, could not be considered proof of encryption, as the email addresses are easily available on public websites.
Chubb reported that it is investigating whether this involves unauthorized access to its data held at a third-party service provider, as there is no evidence that its network was breached. The company is working with law enforcement and has hired a cybersecurity firm for the investigation.
In addition, its network remains fully operational and it continues to service all policyholder needs, including claims. No further details about the issue are known at this time.
Even though Chubb states that its network has not been compromised, cybersecurity intelligence firm Bad Packets has stated that the company has numerous Citrix ADC (NetScaler) servers that are vulnerable to CVE-2019-19871. This vulnerability has been exploited in the past to break into networks and install ransomware.
Phobos Group’s Dan Tentler also tweeted that Chubb has a Remote Desktop server publicly accessible from the Internet, which is a huge security risk.
It is not known if any of these devices were used as part of the attack.