Arthur J. Gallagher (AJG) insurance giant discloses ransomware attack

US-based Arthur J. Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday.

US-based Arthur J. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. The company did not provide technical details about the attack, it is not clear how the ransomware operators breached the company and which is the family of malware that infected its systems.

According to the company profile, AJG has 33,300 employees and operates in 49 countries offering client-service capabilities in more than 150 countries around the world.

The company is currently ranked 429 on the Fortune 500 list.

The IT staff at the company detected the ransomware attack the same day, it added that only a “limited portion” of its internal systems was impacted and its operations were apparently not impacted.

“On September 26, 2020, Arthur J. Gallagher & Co. (the “Company”) detected a ransomware incident impacting a limited portion of our internal systems.” reads the 8-K form filed by the company with the U.S. Securities and Exchange Commission (SEC) on September 28th,

“We promptly took all of our global systems offline as a precautionary measure, initiated response protocols, launched an investigation, engaged the services of external cybersecurity and forensics professionals, and implemented our business continuity plans to minimize disruption to our customers”

The company is restarting its business systems and is investigating the incident. AJG added that it doesn’t expect the incident to have a material impact on its business, operations, or financial condition.

“Although we are in the early stages of assessing the incident, based on the information currently known, we do not expect the incident to have a material impact on our business, operations or financial condition.” continues the form.

AJG didn’t disclose a data breach, it is not clear if the ransomware operators have exfiltrated any customer or employee data during the attack.

The security researchers Troy Mursch, founder of the threat intelligence firm Bad Packets told Bleeping Computer via Twitter that AJG was using two F5 BIG-IP servers vulnerable to CVE-2020-5902, it is possible that ransomware operators exploited this flaw to target the company.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, AJG)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.