Andrew Agencies investigates extensive cyberattack

Incident becomes public following CBC story appearing almost two months after attack.

One day after news of the incident was made public, Virden-based general insurance company Andrew Agencies has admitted that its Information Technology (IT) infrastructure was attacked by a cybercriminal group in October.

On Wednesday, CBC News reported that the company was the victim of a ransomware attack which allegedly jeopardized the private information of Andrew Agencies customers. Online news site Bleeping Computer suggested a demand of $1.1 million was made for the return of data taken in the hacking.

article continues below

On Friday, Andrew Agencies responded with an announcement published on their website outlining that it had been targeted in an attack on its IT system on Oct. 21. The incident included the unauthorized access of the company’s network and the uploading of ransomware software.
Ransomware allows hackers to obtain control of the data stored within an IT system and ask for ransom for its release.

Andrew Agencies said it immediately sought the help of cyber security experts to investigate and respond to the attack while ensuring its integrity and security were intact.

“Following a rigorous forensic investigation conducted by leading cyber security forensic experts, we can confirm that we have no evidence that would suggest a privacy breach or that any customer or employee personal information was accessed or apprehended by the attackers,” said the Andrew Agency announcement, which was released Friday, two months after the incident.

“We know that the unknown individual(s) was/were able to access high level technical information related to our computer systems, but we have no evidence that would suggest any personal information was impacted,” Andrew Agencies said, also pointing out that reports of the attackers revealing the first and last names of individuals online were found to be false by their investigation.

The cybercriminal group, Maze, has claimed responsibility for the attack. After claiming to have stolen 1.5 gigabytes of data and allegedly posting the names in a text file on the group’s private website, the site was unavailable for access as of Friday afternoon, CBC reported.
Andrew Agencies, which was established in 1913 and headquartered in Virden, operates general insurance services at 18 locations throughout Manitoba, Saskatchewan and Alberta.

“We have taken this matter very seriously and have expended considerable resources in the investigation and remediation of this incident,” Andrew Agencies said on its website. “We have put in place any and all steps necessary for remediation and are working closely with experts to identify opportunities to even further strengthen our IT infrastructure.”

The Empire-Advance has reached out to Andrew Agencies for comment, but had not responded by 2 p.m Monday.

© Virden Empire-Advance

Read more from the Empire-Advance