CNA Financial reportedly paid $40 million due to Ransomware Demand

CNA is the seventh largest commercial insurer in the United States as of 2018. CNA provides property and casualty insurance products and services for businesses and professionals in the U.S., Canada, Europe and Asia.

CNA itself is 90% owned by a holding company, Loews Corporation. This holding company also has interests in offshore oil and gas drilling rigs, natural gas transmission pipelines, oil and gas exploration, hotel operations and package manufacturing.

CNA Financial, one of the largest US insurance companies, paid $40 million to free itself from a ransomware attack that occurred in March, according to a report from Bloomberg. The hackers reportedly demanded $60 million when negotiations started about a week after some of CNA’s systems were encrypted, and the insurance company paid the lower sum a week later.

If the $40 million figure is accurate, CNA’s payout would rank as one of the highest ransomware payouts that we know about, though that’s not for lack of trying by hackers: both Apple and Acer had data that was compromised in separate $50 million ransomware demands earlier this year. It also seems like the hackers are looking for bigger payouts: just this week we saw reports that Colonial Pipeline paid a $4.4 million ransom to hackers. While that number isn’t as staggering as the demands made to CNA, it’s still much higher than the estimated average enterprise ransomware demand in 2020.

Law enforcement agencies recommend against paying ransoms, saying that payouts will encourage hackers to keep asking for higher and higher sums. For its part, CNA told Bloomberg that it wouldn’t comment on the ransom, but that it had “followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.” In an update from May 12, CNA says that it believes its policyholders’ data were unaffected.

According to Bloomberg, the ransomware that locked CNA’s systems was Phoenix Locker, a derivative of another piece of malware called Hades. Hades was allegedly created by a Russian group with the Mr. Robot-esque name Evil Corp.

***

Ransomware Attack Payment

Ransomware attack payments are rarely disclosed. According to Palo Alto Networks, the average payment in 2020 was $312,493, a 171% increase over the payments that companies made in 2019.

The $40 million payment made by CNA Financial is bigger than any previously disclosed payments to hackers, The Verge reported.

Disclosure of the payment is likely to draw the ire of lawmakers and regulators that are already unhappy that companies from the United States are making large payouts to criminal hackers who, over the last year, have targeted hospitals, drug makers, police forces, and other entities that are critical to public safety.

The FBI discourages organizations from paying ransom because it encourages additional attacks and does not guarantee that data will be returned.

Ransomware is a type of malware that encrypts the data of the victim. Cybercriminals using ransomware usually steal the data too. The hackers, then, ask for a payment to unlock the files and promise not to leak stolen data. In recent years, hackers have been targeting victims with cyber insurance policies and huge volumes of sensitive consumer data that make them more likely to pay a ransom.

Last year was a banner year for ransomware groups, with security experts and law enforcement agencies estimating that victims paid about $350 million in ransom. The cybercriminals took advantage of the pandemic, a time when hospitals, medical companies, and insurance companies were the busiest.

As per Bloomberg’s report, CNA Financial initially ignored the hackers’ demands while pursuing options to recover their files without engaging with the criminals. However, within a week, the company decided to start negotiations with the hackers, who were demanding $60 million.

Payment was made a week later.

The ransomware cyberattack interrupted the company’s employee and customer services for three days as the firm closed down “out of an abundance of caution” to prevent further damage. Certain CNA systems were impacted, including corporate email.

Apple’s Loyalty to China Threatens our Security

Hat tip to the Federalist as they read the very long article that I did this morning about Apple risking it all just to favor the Chinese Communist Party. With that, I will use their summary. (It is extraordinary, however, that the New York Times is exposing Apple and its faults and policy for the sake of doing business in China.)

The Apple data center in Guiyang as seen in a satellite image. Apple plans to store the personal data of its Chinese customers there on computer servers run by a state-owned Chinese firm.

Censorship, Surveillance and Profits: A Hard Bargain for Apple in China

Apple built the world’s most valuable business on top of China. Now it has to answer to the Chinese government.

Apple willingly compromises certain privacy and security business practices to build a partnership with the Chinese government, a new report from the New York Times explains.

Not only does the Big Tech company store personal data of Chinese users on servers that are managed and serviced by a firm owned by the communist regime, but Apple’s CEO Tim Cook has spent years “making frequent, statesmanlike visits and meeting with top leaders” in the Asian country and caving to its wishes.

Apple often boasts that it believes “privacy is a fundamental human right,” but the company’s relationship with China seems to discard that “core value” in exchange for doing China’s bidding, such as removing certain encryption technology and digital keys that the communist regime disagreed with.

“We have never compromised the security of our users or their data in China or anywhere we operate,” the company said.

But in data centers similar to the one being built outside Guiyang, China, experts and Apple engineers warn, “Apple’s compromises have made it nearly impossible for the company to stop the Chinese government from gaining access to the emails, photos, documents, contacts, and locations of millions of Chinese residents” who they aren’t afraid to oppress.

The Chinese government also has a long list of human rights abuses including enslaving the Uyghurs, a minority group located in the Xinjiang province, and squashing pro-democracy movements in Hong Kong, but once again, Apple is unbothered. Despite offering a long creed promising a commitment to human rights causes, Apple has repeatedly bowed to the wishes of the communist regime to censor apps and blacklist people that government officials think could pose a danger to Xi Jinping or his rule.

Over the last few years, tens of thousands of apps containing content considered objectionable to the communist government were removed from the Chinese version of the app store. Some of the most notable disappearances were apps for worldwide news outlets, pro-democracy organizations, certain religious institutions and figures such as the Dalai Lama, and even apps that provided encryption or shortcuts to users who wanted more digital privacy and security.

“After Chinese employees complained, it even dropped the ‘Designed by Apple in California’ slogan from the backs of iPhones,” the Times report says, noting the regime’s unwillingness to let Apple’s branding remain “American.”

Cook has repeatedly tried to quiet criticism of Apple’s relationship with China by noting how efficient it makes the company. Not only does Apple’s partnership with the regime allow for access to, housing for, and factories for Chinese workers who “assemble nearly every iPhone, iPad, and Mac” to rake in at least “$55 billion a year from the region, far more than any other American company makes in China,” but it also gives the company an easy global reach.

China’s power over Cook and the company, however, is quite evident. In addition to bending to the regime’s will on censorship and privacy, Apple went out of its way to give data to the Chinese government, despite American laws prohibiting it, by giving legal ownership of user data to Guizhou-Cloud Big Data, a “company owned by the government of Guizhou Province, whose capital is Guiyang.”

“Apple recently required its Chinese customers to accept new iCloud terms and conditions that list GCBD as the service provider and Apple as ‘an additional party,’” the Times says. “Apple told customers the change was to ‘improve iCloud services in China mainland and comply with Chinese regulations.’”

Apple did not respond to The Federalist’s request for comment.

Anyone Notice the Battle for the Arctic?

The Pentagon has a civilian advisory committee where retired flag officers meet and discuss global and domestic conflicts, research them and then present those items to key Pentagon personnel. The question is, do any discussions include the battle for the Arctic?

When General Lloyd Austin, Secretary of Defense says that climate change and white supremacy are the biggest existential threat to the homeland…others for sure are arguing other real threats and that includes the Arctic.

Back in March of 2018, testimony was presented to the Senate Armed Services Committee by commanders of the U.S. Pacific Fleet, the U.S. European Command and the Coast Guard Commandant that the Russian footprint in the Arctic has robustly surpassed that of the United States.

In part:

The U.S. lacks abilities
Despite a change in rhetoric, the facts on the ground remain the same: The U.S. is falling further and further behind in the region, operating a single aging polar-class icebreaker.

“The Arctic is the only theater of operations where the U.S. Navy is outclassed by a peer competitor. Russian surface warships have demonstrated the ability to carry out complex combined operations in the High North, while the American Navy maintains a policy that only submarines operate above the Bering Strait. Are submarines enough of a deterrence? Probably. But I don’t think they provide the real presence needed to assert the U.S.’ rights to the opening Arctic,” Holland explains.

Any reaction by the U.S. to catch up in the Arctic comes about 10 years too late, says Huebert. “Yes, as the current ICEX military exercise shows, U.S. submarines have the capability of patrolling the Arctic and surfacing through the ice, but what is lacking are the constabulary capabilities in the form of surface vessels and icebreakers.”

Is the U.S. Waking up?
After more than a decade of lobbying by the U.S. Coast Guard to secure funds to construct a new icebreaker, the agency may finally make progress on this front. Congress’ upcoming appropriations bill is likely to include funding to design and construct a new icebreaker. Still, this falls way short of what would be needed, says Holland. “That is good, but it is late, and there’s no commitment to build the three to five more [icebreakers] that is estimated we’ll need. Nor is there any thought about designing the Navy’s ships of the future so they can operate in the High North.”

Holland hopes that the change in rhetoric marks a newfound seriousness by America’s military leadership about the rapidly growing challenges in the Arctic. This also includes China’s emergence as an Arctic power and its desire to utilize the NSR as its own Polar Silk Road as laid out in its newly-released Arctic strategy.

“These countries have a clear strategic vision for what they want out of the Arctic. As do European Arctic states. It’s time for the U.S. to stand up for its rights and responsibilities as an Arctic nation.”

Why is this even a topic for real?

President Vladimir Putin in recent years has made Russia’s Arctic region a strategic priority and ordered investment in military infrastructure and mineral extraction.

Moscow: Russian Foreign Minister Sergei Lavrov on Monday warned Western countries against staking claims in the Arctic ahead of this week’s Arctic Council meeting in Reykjavik.

The Arctic in recent years has become the site of geopolitical competition between the countries that form the Arctic Council (Russia, the United States, Canada, Norway, Denmark, Sweden, Finland and Iceland) as global warming makes the region more accessible.

A ministerial meeting of the eight-country council will take place on Wednesday and Thursday.

“It has been absolutely clear for everyone for a long time that this is our territory, this is our land,” Lavrov said at a press conference in Moscow.

“We are responsible for ensuring our Arctic coast is safe,” he said.

“Let me emphasise once again — this is our land and our waters,” he added.

“But when NATO tries to justify its advance into the Arctic, this is probably a slightly different situation and here we have questions for our neighbours like Norway who are trying to justify the need for NATO to come into the Arctic.”

The United States in February sent strategic bombers to train in Norway as part of Western efforts to bolster its military presence in the region.

For the first time since the 1980s, the US Navy deployed an aircraft carrier in the Norwegian Sea in 2018.

As ice cover in the Arctic decreases, Russia is hoping to make use of the Northern Sea Route shipping channel to export oil and gas to overseas markets.

Lavrov will meet with his US counterpart Antony Blinken on the sidelines of the Arctic Council ministerial meeting in a test of Moscow’s strained relationship with Washington.

Despite mounting tensions, Russia and the United States during climate negotiations earlier this year noted the Arctic as an area of cooperation.

Three Russian ballistic missile submarines participated in Arctic training drills near the North Pole, and the Russian Ministry of Defense shared footage on Friday of the submarines bursting through the ice.
The drills entailed Russian submarines breaching the ice and Russian troops conducting cold-weather ground maneuvers on the open ice. A pair of MiG-31 Foxhound jet interceptors also flew over the Arctic, with support from an Il-78 aerial refueling tanker. According to Russia’s Navy, about 600 Russian military personnel and civilian personnel were present and about 200 models of Russian weapons and military equipment were involved.
An officer speaks on walkie-talkie as the Bastion anti-ship missile systems take positions on the Alexandra Land island near Nagurskoye, Russia, Monday, May 17, 2021. Bristling with missiles and radar, Russia’s northernmost military base projects the country’s power and influence across the Arctic from a remote, desolate island amid an intensifying international competition for the region’s vast resources. Russia’s northernmost military outpost sits on the 80th parallel North, projecting power over wide swathes of Arctic amid an intensifying international rivalry over the polar region’s vast resources. (AP Photo/Alexander Zemlianichenko)

For a scary photo essay of the Russians in the Arctic, click here.

So while it appears that nobody is really heeding these warnings, yet another discussion was held in 2019 at the Aspen Security Conference. Here the Pentagon released a new Arctic strategy document challenging and addressing the gains made by China and Russia in the Arctic region.

Moscow is deploying more resources northwards and investing in Arctic-capable forces, while Beijing has declared itself a “near-Arctic” power. The U.S. is moving to meet this challenge and give the region more prominence in its strategic planning.

Schultz said the U.S. “should be concerned about Russia, who is way ahead of us in this game, and the emerging aggressive China, who is pushing into the game.” He noted that while Americans may “think about the Arctic as a very faraway place,” the “Russian world view is very much based on the Arctic.”

A “polar security cutter” is currently under construction for the Coast Guard, effectively a militarized ice breaker. Its order demonstrates the U.S. military pivot towards the Arctic and an effort to close the gap with its rivals, particularly Russia.

In part of that released strategy document is the following:

NDS goals and priorities guide DoD’s strategic approach to the Arctic. The Joint Force must be able to deter, and if necessary, defeat great power aggression. DoD must prioritize efforts to address the central problem the NDS identifies, i.e., the Joint Force’s eroding competitive edge against China and Russia, and the NDS imperative to ensure favorable regional balances of power in the Indo-Pacific and Europe. Developing a more lethal, resilient, agile, and ready Joint Force will ensure that our military sustains its competitive advantages, not only for these key regions of strategic competition, but globally as well. Maintaining a credible deterrent for the Arctic region requires DoD to understand and shape the Arctic’s geostrategic landscape for future operations and to respond effectively to contingencies in the Arctic region, both independently and in cooperation with others. DoD’s strategic approach seeks to do so by implementing three ways in support of the desired Arctic end-state (each described in detail in this document):

Building Arctic awareness;

Enhancing Arctic operations; and

Strengthening the rules-based order in the Arctic.

Read the full 19-page document here.

HHS Shifting $2 Billion to UAC’s Confirms it is a Crisis

Shuffling money to cover for a self-made crisis at the border…..remember President Trump was excoriated for doing the same thing but this is different?

So, we sacrifice the national stockpile for pandemics for the border insurgency? This is $ billion but does that only cover what has already been spent or for the next month or so…inquiring minds want to know the full accounting..

Politico: The Department of Health and Human Services has diverted more than $2 billion meant for other health initiatives toward covering the cost of caring for unaccompanied immigrant children, as the Biden administration grapples with a record influx of migrants on the southern border.

The redirected funds include $850 million that Congress originally allocated to rebuild the nation’s Strategic National Stockpile, the emergency medical reserve strained by the Covid-19 response. Another $850 million is being taken from a pot intended to help expand coronavirus testing, according to three people with knowledge of the matter.

The reshuffling, which HHS detailed to congressional appropriators in notices over the last two months, illustrates the extraordinary financial toll that sheltering more than 20,000 unaccompanied children has taken on the department so far this year, as it scrambled to open emergency housing and add staff and services across the country.

It also could open the administration up to further scrutiny over a border strategy that has dogged President Joe Biden for months, as administration officials struggle to stem the flow of tens of thousands of unaccompanied children into the U.S.

On its own, the $2.13 billion in diverted money exceeds the government’s annual budget for the unaccompanied children program in each of the last two fiscal years. It is also far above the roughly half-billion dollars that the Trump administration shifted in 2018 toward sheltering a migrant child population that had swelled as a result of its strict immigration policies, including separating children from adults at the border.

In addition to transferring money from the Strategic National Stockpile and Covid-19 testing, HHS also has pulled roughly $436 million from a range of existing health initiatives across the department.

“They’ve been in a situation of needing to very rapidly expand capacity, and emergency capacity is much more expensive,” said Mark Greenberg, a senior fellow at the Migration Policy Institute who led HHS’ Administration for Children and Families from 2013 to 2015. “You can’t just say there’s going to be a waiting list or we’re going to shut off intake. There’s literally not a choice.”

HHS spokesperson Mark Weber told POLITICO that the department has worked closely with the Office of Management and Budget to find ways to keep its unaccompanied minor operation funded in the face of rising costs.

“All options are on the table,” he said, adding that HHS has traditionally sought to pull funding from parts of the department where the money is not immediately needed. “This program has relied, year after year, on the transfer of funds.”

Health secretary Xavier Becerra has the ability to shift money among programs within the sprawling department so long as he notifies Congress, an authority that his predecessors have often resorted to during past influxes of migrant children.

But these transfers come as HHS has publicly sought to pump new funds into the Strategic National Stockpile and Covid-19 testing efforts by emphasizing the critical role that both play in the pandemic response and future preparedness efforts.

“The fight against Covid-19 is not yet over,” Becerra testified to a House panel on Wednesday in defense of a budget request that would allocate $905 million for the stockpile. “Even as HHS works to beat this pandemic, we are also preparing for the next public health crisis.”

Becerra later stressed the need to “make sure we’ve got the resources” to replenish the Strategic National Stockpile, which came under scrutiny early in the pandemic after officials discovered it lacked anywhere near the amount of protective equipment and medical supplies needed to respond to the crisis.

“We’ve learned that this is going to be a critical component of being able to respond adequately and quickly to any future health care crisis,” he told Rep. Debbie Dingell (D-Mich.).

In another exchange, Rep. Markwayne Mullin (R-Okla.) repeatedly pressed Becerra over whether HHS would benefit from Congress investing more in other parts of its operation, rather than funding a further expansion of Covid testing. Mullin specifically cited the record numbers of migrant children arriving at the border.

But Becerra batted that suggestion away, telling him that “we have to continue an aggressive testing strategy.”

“We have to continue to make investments to prevent the spread of Covid and its variants,” he said.

Beyond taking funding from the stockpile and Covid testing, Weber could not immediately say what other areas within HHS have been affected. After publication of this article, HHS insisted that additional public health funding Congress allocated as part of a Covid aid bill passed in February could be steered toward the stockpile and supplementing its pandemic response.

Still, funneling money away from existing HHS programs could raise fears of undermining other critical health initiatives and irritate the public health groups and lawmakers who advocate for the funding every year.

The Trump administration faced withering criticism in 2018 for transferring hundreds of millions of dollars meant for biomedical research, HIV/AIDS services and other purposes to cover the expenses tied to an unaccompanied child population that would peak close to 14,000 that year.

That scrutiny was driven in part by bipartisan disapproval over then-President Donald Trump’s “zero tolerance” policy that separated children from their parents, which left HHS with responsibility for carrying out a costly reunification effort.

The Biden administration, by contrast, has moved to unwind several of the Trump era’s most restrictive immigration policies. Yet as it confronts the need to care for an even greater number of migrant children, health groups have bristled at the prospect it could take away from public health priorities even as the U.S. combats a pandemic.

“It is concerning any time funds need to be diverted from their originally intended purpose because of limited resources,” said Erin Morton, executive director of the Coalition for Health Funding. “We have consistently asked our public health system to do more with less and we have underfunded essential programs that today are critical to addressing the multitude of challenges facing the country.”

The transfers could also stretch funding for other programs within HHS’ Administration for Children and Families, which oversees various social services including child care and support for newly arrived refugees.

Biden cited concerns about the strain on the HHS refugee office involved with both aiding refugees and caring for unaccompanied children in his initial refusal to raise the refugee admissions cap from historic lows — a decision he later reversed in the face of swift blowback.

“Obviously this will have a significant impact on the ability of ORR to serve refugees and asylees,” Bob Carey, who ran the Office of Refugee Resettlement from 2015 to 2017, said of the potential need to shift more funding toward sheltering migrant children.

Still, Carey and others defended the transfers as unfortunate yet necessary, and a consequence of the urgent need to get rising numbers of unaccompanied children out of jail-like facilities at the border.

After effectively sealing the southern border last year, the Trump administration never expanded its shelter capacity to the level that HHS has pegged as critical to its preparedness, Greenberg said, leaving the department shorthanded when Biden resumed allowing migrant children into the country.

The pandemic further handicapped HHS, halving its number of available beds due to the need to follow Covid-19 precautions. That forced a scramble to build out a dozen emergency shelters that have historically, on average, cost more than double the amount per day to house each child than it does in licensed facilities.

More than half the migrant children in HHS custody are now housed in emergency shelters, Weber confirmed. And implementing pandemic measures like testing and quarantine areas in shelters has cost HHS at least $850 million in additional expenses alone.

HHS in recent months has additionally agreed to hundreds of millions of dollars in no-bid contracts with an array of emergency response and logistics companies to build out services and staff at the emergency shelters.

“If they had started this year with 16,000 beds instead of 8,000, they could have managed in February and had time to determine how in an orderly way to expand capacity for the very large numbers in March,” Greenberg said. “Fundamentally, it’s this mix of: numbers were greater than expected, capacity was less than needed and there was tremendous pressure to alleviate crowding at [the border].”

Those dynamics are expected to hold for at least the next couple months, as hundreds of new unaccompanied minors arrive at the border daily and are transferred into the health department’s care.

And with no indication so far that the Biden administration will seek new emergency border aid from Congress, that means HHS’ expenses are only likely to balloon further, forcing additional costly transfers within the department.

“It’s going to be expensive,” Carey said. “I can’t think of a situation that’s more complex than this.”

More Exact Colonial Pipeline Hack Details

It is prudent to review several sources for the real evidence and details and most often non-government companies are the ‘go-to’ places for that. Government spins stuff but private cyber experts offer up great context and such is the case below.

As a primer, CISA is a government agency launched by the Trump administration for all the right reasons.

Alert (AA20-049A)

Ransomware Impacting Pipeline Operations

But read on.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an Alert that offers a set of best practices to protect against ransomware-induced business disruptions. The Alert was prompted by the attack against Colonial Pipeline, and it includes in its introductory section the preliminary conclusion that DarkSide ransomware affected Colonial’s IT systems only, and had no direct effect on the company’s OT networks. The best practices CISA advocates are familiar. The Alert closes with a statement strongly discouraging any victim from paying the ransom their attackers demand: “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”

FireEye yesterday published a report on DarkSide that emphasizes the group’s ransomware-as-a-service model. It’s a selective operation (criminal applicants for affiliate status are, for example, interviewed before being given access to DarkSide’s control panel) but it’s also not a monolithic one. FireEye’s Mandiant unit currently tracks five “clusters” of DarkSide threat activity. The affiliate model DarkSide uses shares criminal profits: “Affiliates retain a percentage of the ransom fee from each victim. Based on forum advertisements, this percentage starts at 25 percent for ransom fees less than $500,000 USD and decreases to 10 percent for ransom fees greater than $5M USD.”

Colonial Pipeline’s website came back online late yesterday, newly armored with a reCAPTCHA landing page. The company published an update in which it reported progress toward resumption of refined petroleum deliveries, with some 967,000 barrels delivered to Atlanta, Belton and Spartanburg in South Carolina, Charlotte and Greensboro in North Carolina, Baltimore, and Woodbury and Linden (close to the Port of New York and New Jersey). Some lines have been operated under manual control since Monday, at least, and have been moving existing inventory. As the company prepares to restart deliveries, they’ve taken delivery of an additional two million barrels, which they’ll ship once service is restored.

The company appears also to be addressing some concerns about its pipelines’ physical security, having “increased aerial patrols of our pipeline right of way and deployed more than 50 personnel to walk and drive ~ 5,000 miles of pipeline each day.” (hat tip to CyberWire)

Related reading:

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report
Pipeline operators were warned about potential attacks in 2020

“Energy Sector…developed the 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity…sector’s vision that “by 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber-incident while sustaining critical functions…”