CHICAGO — It has been nearly two weeks since CNA sustained what it is now calling a “sophisticated ransomware attack,” and the Chicago-based insurance giant’s website remained down Friday afternoon.
While law enforcement and forensic experts hired by CNA conduct investigations, the company said in an online statement Thursday the attack has been “successfully contained” and it is safe to communicate with CNA through its reestablished corporate email system.
“We are working as diligently and as quickly as possible to fully resume operations,” the company said.
A CNA spokeswoman declined to comment Friday beyond the statement.
CNA sustained the cyberattack March 21, which it disclosed Thursday included ransomware, a form of malware that corrupts computer systems through encrypted files, with attackers demanding payment for a software fix. The company did not disclose information about the attacker, but said the ransomware used “does not contain the ability to automatically spread to any internal or external systems.”
Ransomware is a growing threat to both public and private networks, causing data loss, privacy issues and costing billions of dollars a year, according to the federal Cybersecurity and Infrastructure Security Agency.
CNA disconnected its systems from its network in the wake of the cyberattack “to contain the threat,” the company said. That initially shut down everything from its corporate email to the functionality of its website, which was reduced to a static display.
“We are well into the restoration phase and making significant progress across our internal systems to return our environment to a fully operational state,” CNA said in its statement.
While the company said it has contained the threat, it is unclear if the cyberattack caused any damage to CNA’s business partners and customers.
“Once our investigation is complete, we will notify any impacted parties as appropriate,” the company said.
CNA Financial, which has 5,800 employees worldwide, is one of the largest commercial property and casualty insurance companies in the U.S., generating $10.8 billion in revenue last year, according to financial reports.
