DXC says ransomware attack disrupted customer operations at insurance services arm but barely left a scratch

No data loss or evidence of extended intrusions, but standalone limb Xchanging did suffer

DXC has recovered from a ransomware attack that hit its independent services-for-insurers operation Xchanging.

The company revealed the attack on July 5th with an announcement that “certain systems” of the IT environment at its insurance managed services subsidiary Xchanging had fallen victim to ransomware.

DXC didn’t detail which ransomware it received, but it was clearly disruptive for Xchanging clients because the services giant revealed it was “working with affected customers to restore access to their operating environment as quickly as possible.” DXC clients were insulated from the incident because Xchanging is a standalone operation.

Now DXC has offered additional detail and “confirmed containment of the incident in the immediate days following identification with minimal impact on Xchanging customers; no loss of DXC or Xchanging customer data; no impact on the wider Xchanging or DXC IT estates; and full restoration of Xchanging customer operations.”

DXC enlisted Mandiant/FireEye to help with the incident and reported the matter to the relevant authorities so they can probe the event.

Together they found “no indications of previous infection, spread beyond initially impacted Xchanging systems, or continued infection by the threat actor”.

Bullet dodged, then. Or was it? DXC has not offered any information on the extent of the disruptions to clients, but did say: “DXC teams worked with affected Xchanging customers to restore access to their operating environments as quickly as possible and shared Indicators of Compromise (IOCs) and other relevant technical information.”

We don’t know just how long those disruptions were, but The Register’s search for news of outages at insurance companies in recent weeks has not turned up any incidents.

But even if the disruptions were very brief, it's never a good look for a services provider that advises on security to suffer a successful attack.

At least Xchanging and its clients appear to have endured ransomware rather better than the likes of Garmin, a collection of UK Universities and – tragically – Australian brewer Lion that was sunk by two shots of ransomware in recent months. ®

Biting the hand that feeds IT © 1998–2021