{
	"id": "682dc13a-eeb1-44b0-9cdb-1d7be7cf3daa",
	"created_at": "2026-04-06T00:09:55.303182Z",
	"updated_at": "2026-04-10T13:11:48.605952Z",
	"deleted_at": null,
	"sha1_hash": "98973ea498271b4aff006d89dec8f93cf1a31c88",
	"title": "Chubb Cyber Insurer Allegedly Hit By Maze Ransomware Attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1408212,
	"plain_text": "Chubb Cyber Insurer Allegedly Hit By Maze Ransomware Attack\r\nBy Lawrence Abrams\r\nPublished: 2020-03-26 · Archived: 2026-04-05 17:35:21 UTC\r\nCyber insurer giant Chubb is allegedly the latest ransomware victim according to the operators of the Maze Ransomware\r\nwho claim to have encrypted the company in March 2020.\r\nChubb is one of the leading insurance carriers in the world with an extensive line of cyber insurance products that include\r\nincident response, forensics, legal teams, and even public relations.\r\nRansomware is not unknown to Chubb, as in their 2019 Cyber InFocus Report Chubb explains that malware-related claims\r\nhave risen by 18% in 2019, with ransomware being responsible for 40% of manufacturer's cyber claims and 23% of cyber\r\nclaims for smaller businesses.\r\nhttps://www.bleepingcomputer.com/news/security/chubb-cyber-insurer-allegedly-hit-by-maze-ransomware-attack/\r\nPage 1 of 6\n\nRansomware targets per industry\r\nSource: Chubb Cyber InFocus Report\r\nMaze claims they encrypted Chubb's network\r\nIn a new entry on their Maze 'News' site, the ransomware operators claim to have encrypted devices on Chubb's network in\r\nMarch, 2020.\r\nChubb Entry on Maze's News Site\r\nAs part of these attacks, the Maze operators will steal a company's files before encrypting their network. 
These stolen files\r\nwill then be used as leverage by threatening to publicly release them if a ransom is not paid.\r\nSince then, other ransomware operators such as REvil, DoppelPaymer, and CLOP have also begun to adopt this extortion\r\ntactic.\r\nAfter encrypting victims, Maze will create an entry on their news site as a warning to the victim that if they do not pay, their\r\ndata will be published. If a victim does not pay, the operators publish an increasingly larger amount of stolen data until it is\r\nall released.\r\nMaze has not published any of the allegedly stolen data, but has included the email addresses of executives such as CEO\r\nEvan Greenberg, COO John Keogh, and Vice Chairman John Lupica. This information, though, should not be considered\r\nproof of encryption as the emails are readily available on public websites.\r\nFurthermore, as published stolen data usually contains the personal information of employees and sensitive client\r\ninformation, it causes ransomware attacks to become a data breach. This brings along all of the legal and notification\r\nrequirements, PR nightmares, and the potential of lawsuits.\r\nIn a statement to BleepingComputer, Chubb stated that they are investigating whether this is unauthorized access to their\r\ndata held at a third-party service provider as there is no evidence that their network was breached.\r\n\"We are currently investigating a computer security incident that may involve unauthorized access to data held by a third-party service provider. We are working with law enforcement and a leading cybersecurity firm as part of our investigation.\r\nWe have no evidence that the incident affected Chubb’s network. Our network remains fully operational and we continue to\r\nservice all policyholder needs, including claims. Securing the data entrusted to Chubb is a top priority for us. 
We will\r\nprovide further information as appropriate\", Chubb told BleepingComputer.\r\nThe Maze operators have told BleepingComputer that they are not providing any further details of the attack at this time.\r\nVulnerable Citrix gateways on Chubb network\r\nWhile Chubb states that their network has not been compromised, cybersecurity intelligence firm Bad Packets has stated that\r\nthe company has numerous Citrix ADC (Netscaler) servers that are vulnerable to the CVE-2019-19871 vulnerability.\r\nThis vulnerability has been exploited in the past to hack into networks and install ransomware.\r\nPhobos Group's Dan Tentler also tweeted that Chubb has a Remote Desktop server publicly accessible from the Internet,\r\nwhich is a huge security risk. \r\nAccording to the FBI, \"RDP is still 70-80% of the initial foothold that ransomware actors use.\"\r\nIt is not known if any of these devices were used as part of the attack, but they should be secured to enhance perimeter security.\r\nUpdate 3/26/20: Added information about vulnerable Citrix gateways, RDP servers, and Chubb's statement.\r\nSource: https://www.bleepingcomputer.com/news/security/chubb-cyber-insurer-allegedly-hit-by-maze-ransomware-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/chubb-cyber-insurer-allegedly-hit-by-maze-ransomware-attack/"
	],
	"report_names": [
		"chubb-cyber-insurer-allegedly-hit-by-maze-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434195,
	"ts_updated_at": 1775826708,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/98973ea498271b4aff006d89dec8f93cf1a31c88.pdf",
		"text": "https://archive.orkl.eu/98973ea498271b4aff006d89dec8f93cf1a31c88.txt",
		"img": "https://archive.orkl.eu/98973ea498271b4aff006d89dec8f93cf1a31c88.jpg"
	}
}