A ransomware cyber assault has targeted the Thai, Malaysian, Hong Kong, and Philippine branches of the world’s largest insurance company, AXA.

The Avaddon ransomware organisation claimed yesterday, as reported by BleepingComputer, that it had stolen 3 TB of private data from AXA’s Asian operations.

Additionally, AXA’s international websites were down yesterday for a while due to a Distributed Denial of Service (DDoS) attack, according to BleepingComputer.

The organisation claims that the compromised data collected by Avaddon includes copies of ID cards, bank account statements, claim forms, payment records, contracts, claim forms for customers that reveal their sexual health diagnosis, and more.

The group’s statement follows AXA’s revelation that it would no longer cover ransomware extortion payments when underwriting cyber-insurance plans in France.

Asian AXA offices are targeted by a ransomware organisation.
The ransomware organisation Avaddon took responsibility for the attack on AXA’s offices in Asia yesterday.

The organisation also said that there was a DDoS assault ongoing against AXA’s websites hosted in Thailand, Malaysia, Hong Kong, and the Philippines:

The Avaddon ransomware group initially made the threat to conduct DDoS assaults to take down victims’ websites or networks until they get in touch and start negotiating to pay the ransom in February 2021.

When ransomware gangs started deploying DDoS assaults against its victims as an extra point of leverage in October 2020, BleepingComputer became the first publication to report on this new development.

About a week after AXA announced that payment for ransomware extortion settlements would no longer be included in their cyber-insurance plans sold in France, Avaddon announced the attack on AXA’s infrastructure.

Avaddon started dumping part of the stolen data on their leak site yesterday, as spotted by BleepingComputer, even if the exact date of the incident remains unknown.

Avaddon also threatened to expose AXA’s priceless records if the insurance firm didn’t get in touch with them and work with them within 10 days.

The gang asserts to have gotten 3 TB of AXA data, which includes:

client medical records (including those containing sexual health diagnosis)
customer claims payments to consumers’ bank accounts scanned records content only available to hospitals and physicians (private fraud investigations, agreements, denied reimbursements, contracts)
Identity cards, passports, and other forms of identification

AXA: Access to data by a Thai partner only, “No Evidence”
AXA responded when approached by BleepingComputer as follows:

A recent targeted ransomware assault on Asia Assistance affected its IT operations in Thailand, Malaysia, Hong Kong, and the Philippines.

As a result, someone was able to access some data handled by Inter Partners Assistance (IPA) in Thailand.

“At this time, there is no proof that any more data was accessed in Thailand beyond IPA.”

“The event is being investigated by a specialised group that includes outside forensic specialists. Partners in business and regulators have been notified.”

According to an AXA spokesman, “AXA takes data privacy extremely seriously and will take the appropriate procedures to notify and help all corporate clients and people impacted” if IPA’s investigations reveal that sensitive data of any persons have been compromised.

The incident’s timing is interesting in light of this week’s FBI and Australian Cyber Security Centre (ACSC) alerts on ongoing Avaddon ransomware assaults aimed against enterprises from a wide range of industries in the US and throughout the world.

Attackers that employ ransomware on enterprises continue to expand and interrupt numerous operations while demanding extortionate ransom payments.

The DarkSide cyberterrorist organisation recently requested $5 million to reactivate the Colonial Pipeline infrastructure.

Additionally, just last week, BleepingComputer reported that a $20 million ransomware demand was made on Ireland’s Health Services.