Ransomware Virus: AXA Becomes One of the Latest Victims

threatcop
4 min readMay 28, 2021

--

Ransomware Virus

In the latest cyber incident, international insurance arm AXA Partners was affected by a ransomware virus. It is believed a cyber criminal group known as Avaddon is behind the ransomware attack.

As of now, AXA’s Asia Assistance Divisions which are located in Thailand, Malaysia, Hong Kong, and the Philippines have been infected with the ransomware virus.

What Happened?

A cyber criminal group Avaddon targeted four countries among the ones that operate as AXA partners. Moreover, the cyber criminal group has potentially accessed some data processed by Inter Partners Asia in Thailand. However, according to a spokesperson for AXA Partners, there was no hint showing that the cyber criminal had access to any data.

According to a report from ZDNet, the company has hired experts to look into the matter and also notified the concerned people related to the incident. That includes business partners as well as individuals impacted.

Company’s Statement:

If the investigation “confirms that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted.”

The Cyber Criminal Group Behind the Attack

Avaddon, the group behind the cyber attack on AXA is famously known for spreading ransomware viruses and collecting ransom from industries worldwide. According to a report published by Computer Weekly, last year, high-profile victims that suffered a ransomware attack because of the group include Canon (Imaging technologies supplier), Grubman (media law firms), Chubb (Security insurance provider), and LG (Electronics manufacturer), among many others.

“In total, since their discovery in June 2020, the Avaddon gang has published data on dozens of victims on their dark web site, following the now common double-extortion technique amongst ransomware operators,” a senior security researcher Chad Anderson said.

Anderson further added, “Avaddon also maintains an affiliate program where they recruit hackers from underground forums to deploy their ransomware. This most recent intrusion shows that the human operators behind these ransomware families continue to hone their skills and become continually faster at deploying on victim networks.”

Coming back to the present scenario, as per the report from ABC News, the group has claimed that they have stolen 3 terabytes of data. They also posted some document samples on the darknet as proof. That includes screenshots of customer identity cards, passports, hospital bills, medical records, and bank documents.

Moreover, the report from ABC News further reveals that Avaddon had threatened to leak the data if the company does not pay the ransom in 10 days, which still remains unspecified.

How to Get Rid of a Ransomware Virus?

Note: This is for Windows operating system. Moreover, if you are not a computer expert, always approach your IT security team.

You never know when cyber criminals can bypass your cyber security measures and enter your IT infrastructure. Moreover, I bet you do not want your company to go through what AXA is going through at the moment. So, what can an organization do when they get infected with a ransomware virus? Read more to find out!

4 Steps to Follow

How to get rid of ransomware virus
4 steps to get rid of ransomware virus

4 steps to go after in getting rid of ransomware virus

First Step: First thing to do when your system is infected with ransomware virus or any other malware is to reboot your computer to safe mode

Second Step: The next thing to do is to back up your files on an external device and also scan for any virus in those files

Third Step: Install malware protection software on your computer

Fourth Step: Restore your system to the previous state

However, this is a difficult procedure to follow for a company that has a large number of employees. Moreover, this procedure wouldn’t decrypt your files. So, what can a company do?

The best thing is to prevent these attacks from happening.

As it goes “Prevention is better than cure”

So, to secure an organization, the first thing you can do is conduct a VAPT periodically. This helps the company to identify all the vulnerabilities that underlie an organization’s IT infrastructure. Fetching those vulnerabilities will not only help your company to find the loopholes on time but also fix or patch it accordingly.

Last but not least is to educate your employees on the same. Providing cyber security to your employees using awareness training with tools like ThreatCop will help them in becoming cyber vigilant. It will provide them the knowledge that is required on how to spot and avoid those viruses. Moreover, it will give them confidence in making smart cyber security decisions.

So wait no more, better be prepared than to be sorry!

--

--

threatcop
threatcop

Written by threatcop

Threatcop is a cybersecurity company that provides security solutions to businesses to protect them against email-based attacks and social engineering attacks.

No responses yet