
DXC’s Xchanging Subsidiary Falls Prey to Ransomware Attack


Xchanging, a DXC Technology subsidiary and an Australian-based IT services provider serving insurance companies, reportedly experienced a ransomware attack. According to its website, Xchanging is primarily an insurance managed services provider operating as a separate entity, and thus the ransomware attack did not affect any of DXC’s mainframe systems and networks.

The main concern arises from the fact that DXC Technology provides services across various industry verticals. It serves nearly 6,000 private and public sector customers across 70 countries; add to this the DXC Partner Network, which includes industry cloud experts like Amazon Web Services (AWS), Google Cloud, Microsoft, PwC, and many others. Thus, a security failure in its mainframe could potentially affect all the stakeholders associated with the company. However, Xchanging is confident that the incident remained isolated to its own environment. In addition, DXC did not indicate that data has been compromised or lost.

DXC itself has now taken all necessary steps to remediate the damage caused by the ransomware attack and hopes to resolve and restore all its affected services at the earliest. It has also informed the required law enforcement agencies and the cyber regulatory body about the incident, who are now working in tandem with it to speed up the investigation process.

Talking About Ransomware…

Have you heard about the Thanos ransomware? The rising popularity of this ransomware family is associated with the fact that it is being advertised on underground forums as a Ransomware-as-a-Service (RaaS) tool that exploits the RIPlace technique in the Windows file system. This technique goes undetected by most antivirus, anti-ransomware, and Endpoint Detection and Response (EDR) solutions, as it bypasses the security products by replacing all sensitive files on the victim’s machine.

It was reportedly developed by a threat actor named “Nosophoros”. However, a lot has changed since its initial emergence, and the latest feature, the RIPlace technique, has been integrated and used since February.

Read more about this ransomware family in the article Snap Your Fingers Twice, Thanos Ransomware is Here!