CNA systems remain down after cyberattack

CNA Financial Corp.’s computer systems remained down on Friday as the insurer grappled with a cyberattack by a hacker group known as Phoenix.

Nearly a week after the insurer discovered it had been attacked, its website remained inaccessible and just contained alternative contact information.

Information security publication Bleeping Computer reported Thursday that the attack on CNA used Phoenix CryptoLocker, a new ransomware believed to be a spinoff from a hacker group known as Evil Corp, which has been sanctioned and its alleged leaders charged by the U.S. government.

In a statement included in an article on the publication’s website, which a CNA spokeswoman confirmed as accurate, the insurer said: “The threat actor group, Phoenix, responsible for this attack, is not a sanctioned entity and no U.S. government agency has confirmed a relationship between the group that attacked CNA and any sanctioned entity. We have notified the FBI of this incident and are actively cooperating with them as they conduct their investigation.”