{
	"id": "b102c962-ab07-4fbd-a703-0862fab4185b",
	"created_at": "2026-04-06T00:09:04.937375Z",
	"updated_at": "2026-04-10T03:20:55.59543Z",
	"deleted_at": null,
	"sha1_hash": "7789cf392a064770aa3fcf2ab1b6d0724982475b",
	"title": "Insurer AXA hit by ransomware after dropping support for ransom payments",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1359181,
	"plain_text": "Insurer AXA hit by ransomware after dropping support for ransom\r\npayments\r\nBy Ax Sharma\r\nPublished: 2021-05-16 · Archived: 2026-04-05 18:10:56 UTC\r\nBranches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a\r\nransomware cyber attack.\r\nAs seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen 3\r\nTB of sensitive data from AXA's Asian operations.\r\nAdditionally, BleepingComputer observed an ongoing Distributed Denial of Service (DDoS) against AXA's global websites\r\nmaking them inaccessible for some time yesterday.\r\nhttps://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nThe compromised data obtained by Avaddon, according to the group, includes customer medical reports (exposing their\r\nsexual health diagnosis), copies of ID cards, bank account statements, claim forms, payment records, contracts, and more.\r\nThe announcement from the group comes roughly a week after AXA stated that they would be dropping reimbursement\r\nfor ransomware extortion payments when underwriting cyber-insurance policies in France.\r\nRansomware group hits AXA's Asian offices\r\nYesterday, the Avaddon ransomware group claimed responsibility for attacking Asia-based branches of insurance giant\r\nAXA.\r\nAdditionally, the group claimed that AXA's websites based in Thailand, Malaysia, Hong Kong, and the Philippines were\r\nsubject to an active DDoS attack:\r\nAXA's Asia-based websites were timing out yesterday when accessed by BleepingComputer\r\nThe Avaddon ransomware gang first announced in January 2021 that they will launch DDoS attacks to take down victims'\r\nsites or networks until they reach out and begin negotiating to pay the ransom.\r\nBleepingComputer first reported about this new trend in October 2020, when ransomware groups began using DDoS attacks\r\nagainst their victims as an additional leverage point.\r\nAvaddon's announcement of the attack on AXA's systems comes roughly a week after AXA had stated that their cyber-insurance policies written in France would no longer include reimbursement for ransomware extortion payouts.\r\nAlthough the exact date of the attack is unknown, Avaddon began leaking some of the stolen data on their leak site\r\nyesterday, as seen by BleepingComputer.\r\nAvaddon also threatened AXA that the insurance company had about ten days to communicate and cooperate with them,\r\nafter which they would leak AXA's valuable documents.\r\nThe group claims to have obtained 3 TB of data belonging to AXA including:\r\ncustomer medical reports (including those containing sexual health diagnosis)\r\ncustomer claims\r\npayments to customers\r\ncustomers' bank account scanned documents\r\nmaterial restricted to hospitals and doctors (private fraud investigations, agreements, denied reimbursements,\r\ncontracts)\r\nIdentification documents such as National ID cards, passports, etc.\r\nhttps://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/\r\nPage 3 of 5\n\nMedical bill for a patient leaked by the group\r\nSource: BleepingComputer\r\nAXA: 'No evidence' data beyond a Thai partner accessed\r\nWhen contacted by BleepingComputer, AXA said:\r\n\"Asia Assistance was recently the victim of a targeted ransomware attack which impacted its IT operations in Thailand,\r\nMalaysia, Hong Kong, and the Philippines.\"\r\n\"As a result, certain data processed by Inter Partners Assistance (IPA) in Thailand has been accessed.\"\r\n\"At present, there is no evidence that any further data was accessed beyond IPA in Thailand.\"\r\n\"A dedicated taskforce with external forensic experts is investigating the incident. Regulators and business partners have\r\nbeen informed. \"\r\n\"AXA takes data privacy very seriously and if IPA's investigations confirms that sensitive data of any individuals have been\r\naffected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,\" an AXA\r\nspokesperson told BleepingComputer.\r\nThe timing around the incident is noteworthy considering, this week, the Federal Bureau of Investigation (FBI) and the\r\nAustralian Cyber Security Centre (ACSC) had warned of ongoing Avaddon ransomware attacks targeting organizations from\r\nan extensive array of sectors in the US and worldwide.\r\nRansomware attacks on organizations continue to grow and cause disruptions for many with attackers demanding exorbitant\r\nransom payments.\r\nRecently, the DarkSide cybercrime group demanded $5 million to restore Colonial Pipeline system operations. \r\nAnd, just this week, BleepingComputer reported on Ireland's Health Services hit with a $20 million ransomware demand.\r\nAXA has not yet commented on the ransom amount demanded by Avaddon.\r\nhttps://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/\r\nhttps://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/"
	],
	"report_names": [
		"insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments"
	],
	"threat_actors": [],
	"ts_created_at": 1775434144,
	"ts_updated_at": 1775791255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7789cf392a064770aa3fcf2ab1b6d0724982475b.pdf",
		"text": "https://archive.orkl.eu/7789cf392a064770aa3fcf2ab1b6d0724982475b.txt",
		"img": "https://archive.orkl.eu/7789cf392a064770aa3fcf2ab1b6d0724982475b.jpg"
	}
}