Threat Watch

Arthur J. Gallagher Discloses Ransomware Attack

The well-known US-based insurance firm Arthur J. Gallagher (AJG) disclosed a ransomware attack that occurred on September 26th, 2020. AJG did a fantastic job of responding to the attack: it was recognized on the day it occurred, and only a minimal section of their systems was affected. A portion of the company’s statement read, “We promptly took all of our global systems offline as a precautionary measure, initiated response protocols, launched an investigation, engaged the services of external cybersecurity and forensics professionals, and implemented our business continuity plans to minimize disruption to our customers.” It appears that the attack will not have lasting effects on the company’s operations. At the time of disclosure, AJG did not reveal technical details regarding the attack, and it is unclear how the ransomware made its way into their systems. However, Bad Packets founder Troy Mursch told Bleeping Computer that two F5 BIG-IP servers used by AJG were vulnerable to CVE-2020-5902 and could have been how the threat actors targeted the company.

ANALYST NOTES

Servers that are accessible over the Internet should be patched as soon as patches are made available. If patches are not yet available, temporary mitigations may be released to limit the effects of any vulnerabilities. AJG’s quick handling of the situation to prevent further harm shows the importance of having a good security team with a proper response plan in place. Knowing how to respond to these instances promptly can save companies data and money.

Source: https://securityaffairs.co/wordpress/108925/malware/ajg-ransomware-attack.html?web_view=true