Chubb Cyber Ransomware Attack

Chubb Cyber Ransomware Attack

Posted by Peter Bassill on 28/03/2020

Chubb Cyber Ransomware Attack? Really? Well yes. It seems that, according the operations of Maze Ransomware, there really was a Chubb Cyber Ransomware Attack.

The ransomware attack is claimed to have encrypted the company in March 2020.

Chubb is one of the leading insurance carriers in the world with an extensive line of cyber insurance products that include incident response, forensics, legal teams, and even public relations.

Ransomware is not unknown to Chubb, as in their 2019 Cyber InFocus Report Chubb explains that malware-related claims have risen by 18% in 2019, with ransomware being responsible for 40% of manufacturer's cyber claims and 23% of cyber claims for smaller businesses.

Now, this is where is gets interesting. Is this all purely a marketing exercise by Maze?

"We are currently investigating a computer security incident that may involve unauthorized access to data held by a third-party service provider. We are working with law enforcement and a leading cybersecurity firm as part of our investigation. We have no evidence that the incident affected Chubb’s network. Our network remains fully operational and we continue to service all policyholder needs, including claims. Securing the data entrusted to Chubb is a top priority for us. We will provide further information as appropriate."
Chubb told BleepingComputer

Is it likely there was a Chubb Cyber Ransomware Attack? While Chubb states that their network has not been compromised, we checked how exposed they are. Using the Shodan project along with data from our own Schan Project, we can see numerous Citrix ADC (Netscaler) servers that are vulnerable to the CVE-2019-19871 vulnerability.

Lessons learned?

We asked our CEO, Peter Bassill, what should businesses learn from this?

This is quite a complex story. There is certainly little evidence to support the argument there ever was a Chubb Cyber Ransomware Attack. However, there really are two lessons coming out of this.

Make sure you have a PR policy ready for an event, even if it is a null even; and
Patch your external systems every month.

Contact us

  • Worklab, Europort, Gibraltar

  • +350 540 73836