Multiple DXC Technology customers are down following a ransomware attack against a part of the company that sells insurance industry software.
The company said it is taking “containment” measures to ensure the virus does not spread beyond the subsidiary.
“The company has implemented a series of containment and remediation measures to resolve this situation,” the business process outsourcing company said in a statement. “DXC is actively working with affected customers to restore access to their operating environment as quickly as possible. DXC is also engaging with law enforcement and appropriate cyber agencies.”
The attack targeted “certain systems” of Xchanging, an insurance managed services business, which DXC said operates on a stand-alone basis. DXC said it is “confident” that the ransomware was isolated to this business and did not infect other systems.
Xchanging is a UK-headquartered business whose Melbourne operations focuses on insurance industry software and workers compensation services.
The company has other branches across Europe, Asia and the US that provide services like HR, accounting, technology, customer administration and more, but the Australian operations is the only branch that specialises in Insurance and Procurement.
DXC is the latest enterprise-grade solution provider to get hit by ransomware hackers—who have seemingly stepped up attacks against larger targets this year—following Cognizant, which was struck in April, and Conduent, which was hit in May. Xerox also said it was attacked last week.
Cognizant has been forthcoming about its ordeal, telling investors that it could cost between $50 million to $70 million to clean up the damage following a Maze ransomware attack against its systems. That attack cut off internal communications between some employees who had just switched to working remote, leaving them unable to reach customers for a time, and prompting them to use other means of communications, the company said.
Conduent said the May 29 attack—which used the Maze ransomware—was centered on the company’s operations in Europe. Maze is a particularly insidious form of ransomware that steals the data it encrypts and then holds it hostage.
In the Conduent attack, Maze hackers appear to have published two ZIP files that contain documents related to the company’s work with Vodafone in Germany. The files were released Wednesday on a site that publicises Maze attacks.