DXC Technology has reported a ransomware incident to the US Securities and Exchange Commission regarding its subsidiary, Xchanging, on July 5th. Xchanging is a managed services provider (MSP) primarily focused on insurance-based businesses. Although the ransomware family has not yet been made public, DXC has expressed confidence that the infection did not spread beyond a subset of the Xchanging environment. The attack did affect services for a small number of customers, but no customer data appears to have been breached or lost.
While no information has been provided about the method of intrusion yet, many ransomware attacks begin through phishing attempts. Many attacks (not just ransomware) can be prevented through a combination of email gateway monitoring and security education focused on phishing. Remote Desktop Protocol (RDP) is also a common vector of attack in ransom cases. RDP should only be accessible from within an organization’s network, using a VPN to provide secure remote connectivity, rather than allowing direct connections from the Internet. Organizations should also consider deploying an endpoint monitoring solution to monitor for suspicious actions taken by malicious actors. Managed security services such as the Binary Defense Security Operations Center (SOC) can provide 24/7 monitoring to quickly detect, contain and alert security teams to threats before they have the chance to spread throughout the network.