
Omdia view


IT service provider DXC announced earlier this week that its Xchanging subsidiary is facing a ransomware attack. This is the latest in a series of exploits against major business process outsourcing (BPO) providers and shows ransomware is again the number-one threat vector as the world grapples with the coronavirus.

Ransomware is resurgent

To be fair, ransomware never really went away, but in 2018 it was momentarily overtaken by cryptomining as the attack vector du jour of cybercriminals. It skyrocketed again in 2019, however, with broker Aon and incident response provider Beazley reporting an increase of over 130% in attacks that year, followed by a further 20% so far in 2020. With large swathes of the planet working from home during the COVID crisis, a huge economic downturn, and a pressing need to keep the business running wherever possible, there has never been a better time to demand ransom from cash-strapped enterprises and their overworked IT departments.

DXC is the IT services heavyweight created in 2017 by the merger of Computer Sciences Corp (CSC) and the Enterprise Services division of HPE. From its CSC precursor, DXC inherited Xchanging, a UK-based provider of IT and business services to the commercial insurance industry, which CSC had acquired the previous year, and which operates as a standalone subsidiary. Xchanging has partnerships with industry majors including Lloyd’s of London, Deutsche Bank, Aon, and Allianz GI.

Without naming the particular strain of ransomware used, DXC announced that Xchanging, though not the parent company, was under attack, and that “containment and remediation measures” had been implemented to address the situation. News reports suggest that dozens of Xchanging customers have seen their operations disrupted by the attack, and DXC’s stock price took a hit on the New York Stock Exchange after it made the announcement.

This is only the latest in a series of ransomware attacks on big-name BPO vendors this year. In April India’s Wipro and, in the US, Cognizant were hit, with the Cognizant attackers using Maze, a widely used Windows ransomware. In May it was the turn of Conduent, another US firm, which saw its European operations targeted, again with Maze.

A COVID-related pattern starts to emerge. So, what can an organization do, particularly one that finds itself in the crosshairs of the threat actors? Rather like washing your hands and wearing a mask, good cyber hygiene is clearly a first step. Alignment to standards such as the Cybersecurity Foundation (CSF) from NIST, or the more specific ones such as NIST 800-171 and the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC), is a good place to start. Get your people and processes in order, then consider the technology needed to deliver the security you require.

It is perhaps a churlish point, but worth mentioning nonetheless, that the attack on Xchanging comes after reinsurance broker Willis Towers Watson said last November that premiums on cyber insurance had risen between 5% and 10% in the second half of 2019, driven precisely by losses from ransomware attacks. So perhaps Xchanging’s misfortune will indirectly be a longer-term benefit to some of its customers, but it’s an ill wind that blows nobody any good.



Rik Turner, Principal Analyst, Cybersecurity
