Ransomware hits AXA units in Asia, hurts Ireland healthcare

Monday, May 17, 2021 | Elaine Ganley And Frank Bajak, Associated Press

In this Friday, Feb. 21, 2020 file photo, Irish Prime Minister Leo Varadkar arrives for an EU summit at the European Council building in Brussels. Ireland’s health service says it has shut down its IT systems after being targeted in a “significant ransomware attack.” The Health Service Executive said Friday that the move was a precaution, and appointments for coronavirus vaccinations were not affected. Procedures were canceled at hospitals and Deputy Prime Minister Leo Varadkar said the disruption could last for days. (Ludovic Marin, Pool Photo via AP, File)

PARIS (AP) — Cybercriminals have hit four Asian subsidiaries of the Paris-based insurance company AXA with a ransomware attack, impacting operations in Thailand, Malaysia, Hong Kong and the Philippines, the insurer said.

The criminals claimed to have stolen 3 terabytes of data including medical records and communications with doctors and hospitals.

In Ireland, meanwhile, the national healthcare system struggled to restore IT systems that were all but paralyzed in a cyberattack last week by a different Russian-speaking ransomware group. That group is demanding $20 million, according to the ransom negotiation page on its darknet site, which The Associated Press viewed.

The gang threatened Monday to “start publishing and selling your private information very soon.”

The Irish government's decision not to pay the criminals means hospitals won't have access to patient records — and must resort mostly to handwritten notes — until painstaking efforts are complete to restore thousands of computer servers from backups.

AXA Partners, the Paris insurer's international arm, offered few details of the Asia attacks. It said in a brief statement Sunday that their full impact was being investigated and that steps would be "taken to notify and support all corporate clients and individuals impacted.” It said the attack was recent, but did not specify when exactly. It said data in Thailand was accessed and that “regulators and business partners have been informed.”

News of the Asia attack was first reported by the Financial Times. The attackers used a ransomware variant called Avaddon. In a post on their darknet leak site including some document samples, they claim to have stolen 3 terabytes of data including medical records, customer IDs and privileged communications with hospitals and doctors. Avaddon threatened to leak “valuable company documents” in 10 days if the company did not pay an unspecified ransom.

AXA, among Europe’s top five insurers, said this month that it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.

The insurer said at the time that it was suspending the option in France only in response to growing concern that such reimbursements encourage cyber criminals to demand ransom from companies they prey on, crippling them with malware. Once victims of ransomware pay up, criminals provide software keys to decode the data. Last year, ransomware reached epidemic levels as criminals increasingly turned to “double extortion,” stealing sensitive data before activating the encryption software that paralyzes networks and threatening to dump it online if they don't get paid.

It appears that's exactly what happened to the AXA subsidiaries and Ireland's health care system. In the latter case, the criminals claim to have stolen more than 700 gigabytes of personal data on patients and employees — including home addresses and phone numbers — as well as customer databases, payroll and other financial information. The criminals claimed to have spent two weeks in the network before executing the ransomware.

The top victims of ransomware are in the United States, followed by France, experts say. The extent of damage, and payouts, in Asian countries was not immediately clear. Like most top ransomware purveyors, Avaddon programs its ransomware not to target computers with Russian-language keyboards and enjoys safe harbor in former Soviet states.

The group that attacked Ireland's Health Service Executive, Conti, similarly enjoys Kremlin tolerance and is among the most prolific such gangs, recently attacking such high-profile targets as the school system in Broward County, Florida, which serves Fort Lauderdale and is among the U.S.'s largest school districts.

Irish Prime Minister Micheal Martin has refused to pay ransom despite an attack announced Friday that caused the country of 5 million to shut down and rebuild its public health care system's IT network.

The system's chief operations officer, Anne O'Connor, told a local radio reporter on Sunday that many cancer treatment sessions, X-rays and other radiology appointments had been canceled, describing perhaps the worst impact to date on a healthcare system from ransomware.

“There’s not much back up and running,” yet, O'Connor said of the IT network, adding that data on thousands of servers would need to be rebuilt from backups. “It's going to be a slow process.”

“All of our diagnostic capability in terms of radiology have gone,” she said. "We have no capability now to look back at any previous tests, any previous scans. We can’t order lab tests or radiology electronically.”

She said hospitals had resorted to "handwritten notes. We have people in hospitals delivering pieces of paper around with lab results, et cetera."

Ransomware attacks returned to headlines this month after hackers struck the United States’ largest fuel pipeline, the Colonial Pipeline, and the company shut it down for days to contain the damage.

The ransomware syndicates that have had the biggest impact are so-called “big-game” hunters like Avaddon and Conti that identify and target lucrative victims. They lease their “ransomware-as-a-service” to affiliates they recruit who do most of the heavy-lifting — taking more risk and a higher share of the profits.


Bajak reported from Boston.
