US-based Arthur J. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. The company did not provide technical details about the attack, it is not clear how the ransomware operators breached the company and which is the family of malware that infected its systems.
According to the company profile, AJG has 33,300 employees and operates in 49 countries offering client-service capabilities in more than 150 countries around the world.
The company is currently ranked 429 on the Fortune 500 list.
The IT staff at the company detected the ransomware attack the same day, it added that only a “limited portion” of its internal systems was impacted and its operations were apparently not impacted.
“On September 26, 2020, Arthur J. Gallagher & Co. (the “Company”) detected a ransomware incident impacting a limited portion of our internal systems.” reads the 8-K form filed by the company with the U.S. Securities and Exchange Commission (SEC) on September 28th,
“We promptly took all of our global systems offline as a precautionary measure, initiated response protocols, launched an investigation, engaged the services of external cybersecurity and forensics professionals, and implemented our business continuity plans to minimize disruption to our customers”
The company is restarting its business systems and is investigating the incident. AJG added that it doesn’t expect the incident to have a material impact on its business, operations, or financial condition.
“Although we are in the early stages of assessing the incident, based on the information currently known, we do not expect the incident to have a material impact on our business, operations or financial condition.” continues the form.
AJG didn’t disclose a data breach, it is not clear if the ransomware operators have exfiltrated any customer or employee data during the attack.
The security researchers Troy Mursch, founder of the threat intelligence firm Bad Packets told Bleeping Computer via Twitter that AJG was using two F5 BIG-IP servers vulnerable to CVE-2020-5902, it is possible that ransomware operators exploited this flaw to target the company.
(SecurityAffairs – hacking, AJG)