Infecting insurance firms with ransomware… for dummies

The article explains a tactic where ransomware gangs compromise an insurer to extract client cyberinsurance records, use that list to prioritize and extort insured companies (leveraging knowledge of coverage and limits), and eventually return to ransom the originally compromised insurer — a repeating campaign pattern illustrated by the CNA incident.