BANGKOK (AP) – A Thai subsidiary of AXA, a Paris-based insurance company, said on Tuesday it was investigating a ransom attack by Russian-speaking cybercriminals that affected operations in Thailand, Malaysia, Hong Kong and the Philippines.
At the same time, a cyber-attack on a public health provider in New landland անդland disrupted information systems in five hospitals, forcing staff to cancel elective surgeries and causing all sorts of other problems.
In Bangkok, Krungthai AXA said it had set up a team with AXA Inter Partner Assistance to investigate the matter urgently. It was unclear how long it might take to assess the impact of personal data after criminals claimed to have stolen 3 terabytes of data, including medical records, client ID, privileged communication with hospitals, and doctors.
Krungthai-AXA Life Insurance Asia’s vice president of corporate communications Kanjana Anantasomboon said the company provides some in-house services, so only part of it declined to say how much of its customer data owed to Inter Partner Assistance. service. ,
Other AXA subsidiaries in the Philippines, Malaysia and Hong Kong did not respond to requests for comment.
AXA Partners, the international insurer manual in Paris, gave few details. It said Sunday that the full impact of the attack was being investigated and that steps would be taken to “notify” and support all affected corporate clients. It said the attack took place recently, but did not specify when. It says that data was entered in Thailand
Kevin Snow, executive director of the Waikato County Health Council in New Zealand, said his emergency department now only transports emergency patients. He said administrators were working to resolve the issue, but did not give a timeline for when the system could be restored.
Dr. Deborah Powell, national secretary of the two unions, which represents doctors and other health professionals, said the attack hit every part of the operation, and doctors were unable to access clinical records to quickly assess patients.
Powell said he did not believe patients were at extra risk because staff were using solutions.
Discharge from hospitals was done manually, pa a pager system to warn many physicians when a patient had a cardiac arrest, which was replaced by a personal cell phone number system. People who try to contact patients are encouraged to try to call their cell phones.
Powell said he was told it was a ransomware attack but did not have all the details. The New Zealand Department of Health described it only as a “cyber incident attempt”.
It was unclear whether the incident had anything to do with others, including a cyber-attack that almost paralyzed Ireland’s national healthcare IT systems. Conti, a Russian-language ransom group different from the group involved in the AXA attack, demanded $ 20 million, according to a ransom negotiation page on its darknet website, which was viewed by the Associated Press.
The group threatened on Monday that it would “soon start publishing or selling your personal information.”
The Irish government’s decision not to pay criminals means that hospitals will no longer be able to access patient records, and will generally have to rely on handwritten records until the painstaking effort to restore thousands of computer servers from backup is completed.
News of the attack in Asia was first reported by the Financial Times. The attackers used a ransom program called Avaddon. Avaddon threatened to leak “valuable company documents” within 10 days if the company did not pay the unspecified ransom.
So-called “big game” hunters like Avaddon և Conti Reveal և target profitable victims by leasing their ransomware-as-a-service to subsidiaries that recruit the bulk of the heavyweights individuals – greater risk ույթի greater share of profit
AXA, one of the top five insurers in Europe, said this month that it would stop writing cyber-insurance policies in France to compensate customers for extortion payments to criminals. It says it did so out of fear that such retaliation would encourage cybercriminals to demand ransom from the companies they robbed, mutilating them with malicious software. When ransom victims pay, criminals provide software keys to decrypt the data.
The ransomware attacks returned to the headlines this month after hackers hit the United States’ largest fuel pipeline, the Colonial Pipeline. The company closed it for days to contain the damage.
Last year, ransomware reached epidemic proportions as criminals resorted to “double extortion” by stealing sensitive data before activating paralyzed encryption software and threatening to dump it online if not paid for.
This seems to be the case with the AXA subsidiary համակարգի Irish healthcare system.
Experts say the main victims of the rescue are in the United States, followed by France. In Asian countries, the amount of damages is not clear. Like most ransomware providers, Avaddon ransomware is designed to target computer systems with Russian-language keyboards and has a secure port in the former Soviet Union.
Conte also enjoys the Kremlin’s tolerance, being one of the most prolific of such gangs. He recently attacked a school system in Broward County, Florida, served by Fort Lauderdale, one of the largest school districts in the United States.
Perry made his contribution from Wellington, New Zealand. Also contributing to this report were Ellen Gunley of Paris and Frank Bayak of Boston.