CNA Financial Paid $40 Million in Ransom After March Cyberattack

  • Payment bigger than previously disclosed ransoms, experts say
  • Malware tied to Russian cybergang sanctioned by U.S. in 2019

CNA Financial Corp., among the largest insurance companies in the U.S., paid $40 million in late March to regain control of its network after a ransomware attack, according to people with knowledge of the attack.

The Chicago-based company paid the hackers about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network, according to two people familiar with the attack who asked not to be named because they weren’t authorized to discuss the matter publicly.