A US insurance company may have paid one of the most expensive malware ransoms to date. According to Bloomberg, CNA Financial shelled out $40 million in late March to regain control of its network following a two-week lockout. To put that payout in perspective, the CEO of the Colonial Pipeline told The Wall Street Journal this week his company paid $4.4 million to hackers. That’s a ransomware attack that led to fuel shortages across the US.

“CNA is not commenting on the ransom,” a spokesperson for the company told Bloomberg. “CNA followed all laws, regulations and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.”

The company fell victim to Phoenix Locker, an offshoot of the Hades ransomware created by infamous Russian cybercrime operation Evil Corp. Some security researchers believe Evil Corp is also behind WastedLocker, the malware linked to last year’s Garmin ransomware attack. In 2019, the US Treasury Department sanctioned the group for its activities. It’s unclear if Phoenix, the group behind the CNA attack, is affiliated with Evil Corp.

Ransomware attacks have become increasingly common and disruptive in recent years. In April and March, the REvil ransomware gang demanded $50 million from Apple supplier Quanta and Acer. Even Cyberpunk 2077 developer CD Projekt Red had to deal with a lockout, which led to a delay in the game’s second major patch coming out.