Ransomware
CNA Financial Ransomware Attack ($40M Ransom Paid, Phoenix CryptoLocker)
Incident Details
CNA Financial Corporation, one of the largest commercial insurance companies in the United States, suffered a ransomware attack on March 21, 2021 that disrupted its operations for approximately three weeks. Attackers deployed Phoenix CryptoLocker, a variant of WastedLocker associated with the Evil Corp threat actor group, encrypting approximately 15,000 devices, including those of CNA employees working remotely via VPN. CNA disconnected from its network to contain the attack, leaving agents and policyholders unable to access CNA systems or receive services. According to reporting by Bloomberg, CNA paid approximately $40 million in ransom to regain access to its encrypted network, making it one of the largest known ransomware payments in history. The payment raised significant legal concerns because Evil Corp is a sanctioned entity under US Treasury OFAC designations. CNA's breach notification, filed with regulators, revealed that attackers had accessed the personal data of approximately 75,349 individuals before encryption, including names, Social Security numbers, and health benefit information. The attack highlighted insurance companies' vulnerability to ransomware, which is particularly ironic given that CNA itself sells cyber insurance policies.
Technical Details
- Initial Attack Vector
- Evil Corp-affiliated attackers used a fake browser update (SocGholish/FakeUpdates malware) delivered via a watering hole or malicious website to gain initial access; deployed Phoenix CryptoLocker (a variant of WastedLocker) across CNA's network
- Malware Family
- Phoenix CryptoLocker (WastedLocker variant); SocGholish
Timeline
- 2021-03-21 Breach occurred
- 2021-03-23 Publicly disclosed
- 2021-05-12 Customers notified