The CNA Financial Corps computer system remained down on Friday as the insurer battled a cyberattack by a hacker group called Phoenix.
Almost a week after the insurer discovered that it had been attacked, its website remained inaccessible and contained only alternative contact information.
Information security publication Bleeping Computer reported on Thursday that the attack on CNA used Phoenix CryptoLocker, a new ransomware believed to be a spinoff of a hacked group known as Evil Corp, which has been sanctioned and its alleged leaders. accused by the US government.
In a statement included in an article on the publication's website, which a CNA spokeswoman confirmed as correct, the insurer said: “The Hot Actors Group, Phoenix, responsible for this attack, is not sanctioned. unit and no US government agency has confirmed a relationship between the group that attacked the CNA and any sanctioned unit. We have notified the FBI of this incident and are actively cooperating with them in conducting their investigation.