Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Arthur J. Gallagher (AJG) insurance giant discloses ransomware attack

US-based Arthur J. Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday. US-based Arthur J. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. The company did not provide technical details about the attack, it is not clear how the ransomware […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

US-based Arthur J. Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday.

US-based Arthur J. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. The company did not provide technical details about the attack, it is not clear how the ransomware operators breached the company and which is the family of malware that infected its systems.

According to the company profile, AJG has 33,300 employees and operates in 49 countries offering client-service capabilities in more than 150 countries around the world. 

The company is currently ranked 429 on the Fortune 500 list.

The IT staff at the company detected the ransomware attack the same day, it added that only a “limited portion” of its internal systems was impacted and its operations were apparently not impacted.

“On September 26, 2020, Arthur J. Gallagher & Co. (the “Company”) detected a ransomware incident impacting a limited portion of our internal systems.” reads the 8-K form filed by the company with the U.S. Securities and Exchange Commission (SEC) on September 28th,

“We promptly took all of our global systems offline as a precautionary measure, initiated response protocols, launched an investigation, engaged the services of external cybersecurity and forensics professionals, and implemented our business continuity plans to minimize disruption to our customers”

The company is restarting its business systems and is investigating the incident. AJG added that it doesn’t expect the incident to have a material impact on its business, operations, or financial condition.

“Although we are in the early stages of assessing the incident, based on the information currently known, we do not expect the incident to have a material impact on our business, operations or financial condition.” continues the form.

AJG didn’t disclose a data breach, it is not clear if the ransomware operators have exfiltrated any customer or employee data during the attack.

The security researchers Troy Mursch, founder of the threat intelligence firm Bad Packets told Bleeping Computer via Twitter that AJG was using two F5 BIG-IP servers vulnerable to CVE-2020-5902, it is possible that ransomware operators exploited this flaw to target the company.

https://twitter.com/bad_packets/status/1310989248380547072
[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, AJG)

[adrotate banner=”5″]

[adrotate banner=”13″]