CNA website still down nearly two weeks after what the insurance giant is now calling a ‘sophisticated ransomware attack’
BIZ-CNA-WEBSITE-STILL-DOWN-NEARLY-TB.jpg

A view looking northeast June 13, 2018, shows the CNA office building at 151 North Franklin. The Chicago-based insurance giant disclosed Thursday the cybersecurity attack that prompted CNA to take down its website nearly two weeks ago was the result of ransomware.

 Chris Walker / Chicago Tribune

CHICAGO — It has been nearly two weeks since CNA sustained what it is now calling a “sophisticated ransomware attack,” and the Chicago-based insurance giant’s website remained down Friday afternoon.

While law enforcement and forensic experts hired by CNA conduct investigations, the company said in an online statement Thursday the attack has been “successfully contained” and it is safe to communicate with CNA through its reestablished corporate email system.

“We are working as diligently and as quickly as possible to fully resume operations,” the company said.

A CNA spokeswoman declined to comment Friday beyond the statement.

Capitol Recap: GOP takes another crack at redistricting reform

CNA sustained the cyberattack March 21, which it disclosed Thursday included ransomware, a form of malware that corrupts computer systems through encrypted files, with attackers demanding payment for a software fix. The company did not disclose information about the attacker, but said the ransomware used “does not contain the ability to automatically spread to any internal or external systems.”

Ransomware is a growing threat to both public and private networks, causing data loss, privacy issues and costing billions of dollars a year, according to the federal Cybersecurity and Infrastructure Security Agency.

CNA disconnected its systems from its network in the wake of the cyberattack “to contain the threat,” the company said. That initially shut down everything from its corporate email to the functionality of its website, which was reduced to a static display.

“We are well into the restoration phase and making significant progress across our internal systems to return our environment to a fully operational state,” CNA said in its statement.

While the company said it has contained the threat, it is unclear if the cyberattack caused any damage to CNA’s business partners and customers.

“Once our investigation is complete, we will notify any impacted parties as appropriate,” the company said.

CNA Financial, which has 5,800 employees worldwide, is one of the largest commercial property and casualty insurance companies in the U.S., generating $10.8 billion in revenue last year, according to financial reports.

