Insurance and financial services company Andrew Agencies became the latest firm to disclose it had been hit by a ransomware attack that impacted 245 computers. The firm, however, claimed that no personal information has been stolen due to the recent incident.
"At this time, Andrew Agencies can confirm that it has recently dealt with a security breach incident involving ransomware,” confirmed Dave Schioler, the Executive Vice President & General Counsel for Andrew Agencies, on Wednesday.
According to him, Andrew Agencies have taken all the necessary means to counter the attack by exhausting considerable resources and reaching out to third parties that have expertise in dealing with the same incident.
“We also wish to emphasize that as a result of our investigation, we have uncovered no evidence of sensitive personal information or data being stolen or otherwise compromised. While we are not at liberty to share the particulars of the investigation with you, we can advise that the incident has had minimal impact on our operations. Andrew Agencies did not pay a ransom as part of the recovery effort,” Schioler continued.
“We are confident with our operating status and security, and we, therefore, do not intend to be providing further commentary on this matter."
Earlier this week, the computer help site Bleeping Computer reported it had received emails from the operators of the Maze Ransomware in connection to the recent attack. According to the publication, the emails revealed that the security incident happened on October 21, 2019, and even provided a list of 245 encrypted computers, their IP addresses, computer names, and sizes of the encrypted data as “proof” of the ransomware.
In addition to the mentioned list, the operators also revealed they have originally asked Andrew Agencies for a total of $1.1. million or 150 bitcoins for ransom. The firm, according to the attackers, communicated with them for some time but it had stopped responding.
"They are really good Canadian guys, but they have disappeared. They came up to decide that they should buy decryptor and asked us for a time as they are collecting money," said Maze operators to BleepingComputer via email.
However, while Andrew Agencies argue that no personal information has been stolen due to the attack, the operators of the ransomware claimed they have stolen 1.5GB of data "about insurance customers."
The deadline for the ransom in exchange for keeping the company’s data is originally set at the end of November. Today, although no data has been publicly published yet, Bleeping Computer noted that Maze has a history of staying true to its threats, citing even the group’s previous attack on Allied Universal as an example.
