SI says Xchanging, a business focused on the insurance industry, was target
The Lowdown: The company said that systems used by Xchanging, a managed service business focused on the insurance industry, had come under attack.
The Details: In a brief statement, DXC officials said the ransomware attack seems to be isolated to the Xchanging IT environment and that as of this weekend, it doesn’t seem that data has been compromised or lost because of it.
The Tysons, Virginia-based company said it has taken a series of steps in response to the attack, including helping impacted customers and reaching out to legal authorities. DXC didn’t identify the cybercriminal group suspected of being behind the attack.
The Impact: Channel partners – and MSPs in particular – have come under increasing attack by bad actors that see them as avenues into the IT environment of their customers through such pathways as remote monitoring and management (RMM) solutions. Cognizant in April was the victim of an attack on its internal systems by the Maze ransomware group and officials said the following month that it had contained the attack. Officials in May said they expected to lose between $50 million and $70 million due to the attack.
IT service company Conduent also was hit by the Maze ransomware, saying that in late May its European operations were impacted.
Background: Ransomware continues to be an ongoing threat to a broad array of sectors, from city and state governments to schools and hospitals. In such attacks, cybercriminals gain control of their victim’s data, encrypt it, and then demand a ransom be paid before a decryption code is given. According to reports, since the onset of the coronavirus pandemic, hospitals, medical research facilities, and other healthcare organizations have seen ransomware incidents increase. Cybersecurity firm Emsisoft said in a report earlier this year that ransomware costs in the United States could hit more than $1.4 billion.
The Buzz: “The company has implemented a series of containment and remediation measures to resolve this situation,” DXC officials said in the statement. “DXC is actively working with affected customers to restore access to their operating environment as quickly as possible. DXC is also engaging with law enforcement and appropriate cyberagencies.”