News feed: AXA Group announced on Sunday (16-05-2021) that the company has become a victim of a ransomware attack. Axa Hong Kong said there has been no evidence that data processed by Inter Partners Asia in markets other than Thailand have been affected by the targeted ransomware attack. No official announcement till today to update this incident.
Technology exploration: Avaddon ransomware performs an encryption in offline mode using AES-256 + RSA-2048 to encrypt files. With AES128-bit key, the task of cracking AES by checking each of the 2128 possible key values (a “brute force” attack) is so computationally intensive that even the fastest supercomputer would require, on average, more than 100 trillion years to do it. Microsoft .NET Cryptography library is capable to encrypt and decrypt file on his own.
The Windows 10 operating system incorporates the . NET Framework 4 installed and enabled by default. Therefore cybercriminal can share this service. For more details, please refer to attached document.
What is the consequence if AXA underestimate this matter? Or it is just a bluff!
A similar type of attack (files encrypted with RSA-2048 and AES-128 passwords) will allow cyber-criminals to gain access through remote control systems. After the machine is infected with the ransomware. The data exfiltration will be occurred. In fact, the hacker group claimed to have stolen 3 terabytes of data, including a long list of information: ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, payments to customers, contract and reports, customer IDs and bank account scanned papers, hospital and doctor reserved material (private investigation for fraud) and customer medical reports including HIV, hepatitis, STD and other illness reports.
Latest news: https://www.thestandard.com.hk/section-news/section/2/230327/Axa-HK-unaffected-by-cyberattack