TeamHood 
Various branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack.
The Avaddonransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA’s Asian operations.
The DarkTracer group observed that they will DDOS the company if they do not cooperate with the attackers. They have also given then 240 hrs deadline.
Before that deadline came to end the same group is reportedly targeted them with Ransomware attack.
It was observed that an ongoing Distributed Denial of Service (DDoS) against AXA’s global websites was performed making them inaccessible for some time.
The compromised data obtained by Avaddon, according to the group, includes customer medical reports (exposing their sexual health diagnosis), copies of ID cards, bank account statements, claim forms, payment records, contracts, and more.
The announcement from the group comes roughly a week after AXA stated that they would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France.
When contacted from various media houses the AXA person told them
“Asia Assistance was recently the victim of a targeted ransomware attack which impacted its IT operations in Thailand, Malaysia, Hong Kong, and the Philippines.”
“As a result, certain data processed by Inter Partners Assistance (IPA) in Thailand has been accessed.”
“At present, there is no evidence that any further data was accessed beyond IPA in Thailand.”
“A dedicated taskforce with external forensic experts is investigating the incident. Regulators and business partners have been informed. “
“AXA takes data privacy very seriously and if IPA’s investigations confirms that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,” an AXA spokesperson.
The timing around the incident is noteworthy considering, this week, the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) had warned of ongoing Avaddon ransomware attacks targeting organizations from an extensive array of sectors in the US and worldwide.
Ransomware attacks on organizations continue to grow and cause disruptions for many with attackers demanding exorbitant ransom payments.
Recently, the DarkSide cybercrime group demanded $5 million to restore Colonial Pipeline system operations.
