Conduent, a $4.4 billion by revenue (2019) IT services giant, has admitted that a ransomware attack hit its European operations — but says it managed to restore most systems within eight hours. Conduent, which says it provides services (including HR and payments infrastructure) for “a majority of Fortune 100 companies and over 500 governments”, was hit on Friday, May 29. “Conduent’s European operations experienced a service interruption on Friday, May 29, 2020. Our system identified ransomware, which was then addressed by our cybersecurity protocols.” Currently, the strain of ransomware used has not been named, but the Maze ransomware group has posted stolen PII to their dark web page. The ransomware is believed to be due to an unpatched Citrix VPN exploitation. Full story: https://www.cbronline.

Ransomware is indiscriminate and can affect all organisations of all sizes and across all verticals. As disruptive as it is, the majority of successful ransomware infections occur as a result of either phishing, or taking advantage of unpatched public-facing software. Therefore, these are areas in the security strategy that organisations should pay the most attention to. As criminals are no longer content with just encrypting data, during ransomware they try to actively exfiltrate data and sell it on – it becomes increasingly important that organisations prevent ransomware, recovery alone is not enough.