Asia Assistance, a subsidiary of multinational insurance company AXA, has been infected by the Avaddon ransomware at multiple branch locations in Hong Kong, Malaysia, the Philippines, and Thailand. Avaddon claims on their website to have stolen 3 TB of data and began a Distributed Denial of Service (DDoS) against multiple AXA-owned websites until the company reaches out to begin ransom payment negotiations. Stolen data includes bank statements, claims, medical and payment records and more, according to the ransomware group. The group behind Avaddon gave AXA 10 days to cooperate and threatened to release more stolen documents if negotiations have not occurred.
Analyst Notes
Binary Defense highly recommends reading and implementing steps from the CISA (Cybersecurity & Infrastructure Agency) and NCSC (National Cyber Security Centre) ransomware guides. The guides contain detailed information that any organization can use, describing in detail how to backup and protect data, create incident response plans, and more. Binary Defense also recommends utilizing services like Threat Hunting or a 24/7 SOC such as our own Security Operations Task Force to quickly find and react to threats on your network before they have a chance to spread.
