Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

DXC says ransomware attack disrupted customer operations at insurance services arm but barely left a scratch

No data loss or evidence of extended intrusions, but standalone limb Xchanging did suffer

Simon Sharwood, APAC Editor Thu 30 Jul 2020  //  07:29 UTC

DXC has recovered from a ransomware attack that hit its independent services-for-insurers operation Xchanging.

The company revealed the attack on July 5th with an announcement that “certain systems” of the IT environment at its insurance managed services subsidiary Xchanging had fallen victim to ransomware.

DXC didn’t detail which ransomware it received, but it was clearly disruptive for Xchanging clients because the services giant revealed it was “working with affected customers to restore access to their operating environment as quickly as possible.” DXC clients were insulated from the incident because Xchanging is a standalone operation.

Now DXC has offered additional detail and “confirmed containment of the incident in the immediate days following identification with minimal impact on Xchanging customers; no loss of DXC or Xchanging customer data; no impact on the wider Xchanging or DXC IT estates; and full restoration of Xchanging customer operations.”

DXC enlisted Mandiant/FireEye to help with the incident and reported the matter to the relevant authorities so they can probe the event.

Together they found “no indications of previous infection, spread beyond initially impacted Xchanging systems, or continued infection by the threat actor”.

Bullet dodged, then. Or was it? DXC has not offered any information on the extent of the disruptions to clients, but did say: “DXC teams worked with affected Xchanging customers to restore access to their operating environments as quickly as possible and shared Indicators of Compromise (IOCs) and other relevant technical information.”

We don’t know just how long those disruptions were, but The Register’s search for news of outages at insurance companies in recent weeks has not turned up any incidents.

But even if the disruptions were very brief, it's never a good look for a services provider that advises on security to suffer a successful attack.

At least Xchanging and its clients appear to have endured ransomware rather better than the likes of Garmin, a collection of UK Universities and – tragically – Australian brewer Lion that was sunk by two shots of ransomware in recent months. ®
Send us news
6 Comments

Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack

Mandiant: Orgs are detecting cybercriminals faster than ever

The 'big victory for the good guys' shouldn't be celebrated too much, though

UnitedHealth admits IT security breach could 'cover substantial proportion of people in America'

That said, good ol' American healthcare system so elaborately costly, some are forced to avoid altogether

185K people's sensitive data in the pits after ransomware raid on Cherry Health

Extent of information seized will be a concern for those affected

Leicester streetlights take ransomware attack personally, shine on 24/7

City council says it lost control after shutting down systems

MITRE admits 'nation state' attackers touched its NERVE R&D operation

PLUS: Akira ransomware resurgent; Telehealth outfit fined for data-sharing; This week's nastiest vulns

MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time

What a twist!

Change Healthcare’s ransomware attack costs edge toward $1B so far

First glimpse at attack financials reveals huge pain

Change Healthcare faces second ransomware dilemma weeks after ALPHV attack

Theories abound over who's truly responsible

Head of Israeli cyber spy unit exposed ... by his own privacy mistake

Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns

Ransomware gang <em>did</em> steal residents' confidential data, UK city council admits

INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs

INC Ransom claims to be behind 'cyber incident' at UK city council

This follows attack on NHS services in Scotland last week