Insurance firm Ardonagh Group disabled 200 admin accounts as ransomware infection took hold

Firm says 'cyber incident' is being fought with third-party help

19 Reg comments Got Tips?

Jersey-headquartered insurance company Ardonagh Group has suffered a potential ransomware infection.

Informed sources whispered to The Register that the insurance firm had been forced to suspend 200 internal accounts with admin privileges as the "cyber incident" progressed through its IT estate.

The UK's second largest privately owned insurance broker, according to the Financial Times, Ardonagh Group has spent the year to date acquiring other companies.

The timing of the most recent attack is unfortunate: Ardonagh recently published its financials, showing a loss of £94.m, according to reports.

Ardonagh spokeswoman Kelly-Ann Knight did not dispute that the "cyber incident" the firm suffered last week was ransomware but did not confirm any specifics.

She told The Register: "The incident was identified as a result of the routine comprehensive monitoring we have in place. We immediately took all necessary action including taking impacted systems offline and have implemented our business continuity plans in the impacted business units, to minimise disruption to our customers. We are working with third-party forensic and IT experts to manage the situation and are in the process of carrying out remedial action."

Sources further told us that IT access within the firm has been patchy as internal crisis response teams, along with the aforementioned third-party responders, scrambled to halt the ransomware.

A fortnight ago one of the world's largest insurance brokers was reportedly struck by ransomware. Though there is no indication that the attack on Ardonagh is linked, companies with plenty of cash in the bank are attractive targets to the sorts of criminals behind ransomware attacks. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020