The Chicago-based insurance giant on May 12 released a security incident update informing clients that it took "immediate action" after the March 21 attack "by proactively disconnecting" its systems from its network, and CNA has "no evidence to indicate that external customers were potentially at risk of infection due to the incident."
"CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter," CNA told FOX Business.
"CNA is not commenting on the ransom, specifically, but it has been in communication with the FBI and Office of Foreign Assets Control regarding the cyber incident and the threat actor’s identity," the company said. The $40 million figure was first reported by Bloomberg, citing people familiar with the matter.
The company added that the ransomware group is called Phoenix, which is "not on any prohibited party list and is not a sanctioned entity."
The insurance firm is currently operating as normal and has updated its systems. CNA is also "reviewing the impacted data to determine the contents using both technology and a manual review," its May update reads.
The news comes after Bloomberg reported last week that the Colonial Pipeline paid $5 million in ransom to a group of hackers called DarkSide that targeted its infrastructure, causing gas shortages up and down the East Coast for several days.
FOX Business' Brittany De Lea contributed to this report.