The hackers responsible for the Maze ransomware have claimed that they have hit major insurance company Chubb.
The cyberattackers posted news of the attack on their website, claiming that they managed to encrypt devices on Chubb’s network this month. BleepingComputer reported that as part of their modus operandi, the Maze hackers steal files from their victims before locking the devices with ransomware-based encryption. The stolen files are then used as leverage by the Maze hackers, who threaten to make the data public unless the victims pay the ransom.
Maze has yet to publish any of the data they allegedly stole from Chubb, but the hackers have posted the email addresses of CEO Evan Greenberg, COO John Keogh, and vice-chairman John Lupica. It should be noted, however, that these emails are already publicly available on websites and Maze’s posting does not constitute evidence that the insurer’s computers were encrypted.
Chubb told BleepingComputer in a statement that they are investigating if this is a case of unauthorised access to their data, which is being held by a third-party service provider. The insurer added that there is no evidence that their own network has been breached.
“We are currently investigating a computer security incident that may involve unauthorised access to data held by a third-party service provider. We are working with law enforcement and a leading cybersecurity firm as part of our investigation. We have no evidence that the incident affected Chubb’s network,” the insurance company said in its statement.
Chubb also said that its network remains fully operational and that it continues to service all policyholder needs, such as claims.
“Securing the data entrusted to Chubb is a top priority for us. We will provide further information as appropriate,” the statement outlined.