CNA Financial, the US insurance conglomerate, has apparently paid $40 million to ransomware operators to gets its files back. Here is another cooptation that does not have adequate safeguards. The cost for a backup in case of the unthinkable is not that expensive. It is arrogant to think nothing can happen. When it does happen the shame should be published until more companies deal with security.

In March the business revealed it had been hit by an extensive Phoenix Locker infection; this strain of malware was developed by Russian scam artists calling themselves Evil Corp, which may have links to Russian intelligence.

All CNA systems are now back up and running though it appears that the company didn’t manage this themselves and instead coughed up a widely reported $40 million to the extortionists for the means to decrypt the scrambled files.

Toyota got nicked twice. The first hit the European operations of its subsidiary Daihatsu Diesel Company, a Toyota-owned company entity that designs engines. Numerous Japanese outlets, meanwhile, are reporting that Toyota subsidiary Auto Parts Manufacturing Mississippi has revealed a ransomware attack. The  Auto Parts Manufacturing Mississippi has not paid and was not disrupted, the reports say.

Security woes are a growing problem. Corporations cannot be lax about it anymore.