The threat of ransomware gangs continues in the wake of the Colonial Pipeline hack, after Tulsa’s city computer system was targeted, and reports emerged that insurance giant CNA Financial paid off an extortion fee of $40 million.
Chicago-based CNA Financial, one of the largest insurance companies in the country, made the payment in March to regain control of its network from hackers, sources told
‘CNA is not commenting on the ransom,’ a company spokeswoman told the outlet. ‘CNA followed all laws, regulations, and published guidance, including [Office of Foreign Asset Control]’s 2020 ransomware guidance, in its handling of this matter.’
The revelation comes after the world learned that Colonial Pipeline paid the Russia-based hacker gang DarkSide a $4.4 million ransom to regain control of the key fuel pipeline that supplies the East Coast.
CNA Financial’s Chicago headquarters are seen above. The insurance firm reportedly paid ransomware hackers $40 million in March
Meanwhile, officials in Tulsa said on Thursday that the attempted attack there was similar to the one on Colonial Pipeline, and that the hacker group responsible is known.
Mayor G.T. Bynum said Tulsa’s computer security system identified the attack and shut down the system before it was infiltrated.
‘I can’t share anything other than we know who did it,’ Bynum said, adding that the city did not pay the hackers.
‘They wanted to talk with us about what (a ransom) would be for them not to announce (the attack) and we never engaged them,’ he said.
The attack, discovered earlier this month, was similar to the ransomware attack that shut down the Colonial Pipeline for days, according to Tulsa Chief Information Officer Michael Dellinger.
Mayor G.T. Bynum said Tulsa’s computer security system identified the attack and shut down the system before it was infiltrated
The attack, discovered earlier this month, was similar to the ransomware attack that shut down the Colonial Pipeline for days, Tulsa officials said
The DarkSide gang behind the Colonial attack appears to be offline after key servers used by the hackers were seized by unknown actors last week.
Tulsa’s computer system remains shut down while each of the city’s computers and servers are examined and cleaned, Dellinger said. There has been no indication any data was breached, he added.
Dellinger said an investigation is underway to determine how the attacker infiltrated the system.
Bynum said city utility services, such as water, will not be disconnected until five days after the system is back online and electronic payments are possible.
Police and fire responses continue, but issues such as uploading police body cameras are slowed because of the computer shutdown.