Dealing effectively with Ransomware and Malware attacks in the real-world

Learning the lessons from the real-world malware incident suffered by Xchanging in 2020

22nd January 2021 | Blog | AJ Thompson

Defending against third-party cyber risks

Protecting an organisation against constantly growing and evolving cybersecurity risks is tough enough when it comes to just the systems and data on the internal network. Expanding the view to encompass all the connected business partners and suppliers makes the challenge significantly greater. Today, organisations must monitor their full exposure to cybersecurity risks not only on their own systems, but also across a complex network of partners and suppliers – and throughout the long chain of other third parties that those companies work with.

In addition, a relatively new class of systemic risk has emerged from the widespread adoption of shared cloud-based services. Large numbers of organisations across all sectors have replaced locally installed and managed business services with software-as-a-service solutions. A cybersecurity attack against one of these shared services providers therefore has the potential to expose multiple organisations – even entire industries – to the risk of data breaches, damage, or loss.

Real and present danger

The systemic supply chain security risk inherent in shared cloud-based services is not merely a theoretical scenario. During 2020, the UK insurance industry faced the risk of disruption from a real-world malware incident suffered by Xchanging, a major UK-based global supplier of technology-enabled business services to thousands of commercial insurance companies.

The Senior VP of Xchanging’s parent company documented the incident and his company’s (thankfully) rapid and competent response to the ransomware attack in a blog. The cybercriminal had accessed Xchanging’s systems two days before the attack, using a publicly available security testing tool to create a backdoor in Microsoft Windows and install malware. Once activated, the malware encrypted files, and the cybercriminal invited Xchanging to negotiate a ransom payment to unlock them. Unwilling to negotiate or make any payment, Xchanging swiftly notified the relevant authorities and set to work on shutting the attack vector and recovering its systems.

Major incident averted

It was fortunate for Xchanging that the attack took place on a Saturday, buying the company time to resolve the situation before the Monday re-opening of its clients’ London insurance offices. The Senior VP comments that Xchanging was able to “quickly isolate and neutralise the threat” without any damage to data – presumably thanks to a robust offline data backup policy. The Sunday was spent cleaning and restoring the affected environment, so that Xchanging was able to serve its clients as normal the following week.

Thanks to Xchanging’s vigilance and speed of response, there was no broader impact on the UK insurance market. As the Senior VP mentions, Emsisoft research suggests that the average downtime associated with critical systems hit by ransomware attacks is 16 days. If (or, more likely, when) the next attack on a supplier of shared services to the insurance industry takes place, will it be dealt with just as effectively? If the next ransomware victim is less well prepared, the industry could face enormous damage.

To help organisations in all industries understand and protect against third-party cybersecurity risks, Northdoor offers RiskXchange, a sophisticated AI-driven solution that delivers a real-time 360-degree view across multiple degrees of relationship.
