The global brokerage firm disclosed the cyberattack in its most recent filing to the SEC
The global insurance, risk management, and consulting firm Arthur J. Gallagher announced that it had suffered a ransomware attack late last month. After seeing this first reported in the Insurance Journal, Agency Checklists reviewed the disclosure made in the company’s most recent Form 8-k filing to the Securities and Exchange Division. It states the following:
“On September 26, 2020, Arthur J. Gallagher & Co. (the “Company”) detected a ransomware incident impacting a limited portion of our internal systems. We promptly took all of our global systems offline as a precautionary measure, initiated response protocols, launched an investigation, engaged the services of external cybersecurity and forensics professionals, and implemented our business continuity plans to minimize disruption to our customers.
As of the date hereof, we have restarted or are in the process of restarting most of our business systems. Although we are in the early stages of assessing the incident, based on the information currently known, we do not expect the incident to have a material impact on our business, operations, or financial condition.”
Treasury Department issues advisory on Ransomware responses in honor of Cybersecurity Awareness Month
In commenting on the rise of ransomware attacks and on the heels of the Arthur J. Gallagher’s announcement, the U.S. Treasury Department recently commented and offered its guidance to companies on how to handle a potential ransomware attack in honor of National Cybersecurity Awareness Month.
“Cybercriminals have deployed ransomware attacks against our schools, hospitals, and businesses of all sizes,” said Deputy Secretary Justin G. Muzinich. “Treasury will continue to use its powerful tools to counter these malicious cyber actors and their facilitators.
As part of that effort, the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory, entitled ‘Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments’ to provide information on the role of financial intermediaries in payments, ransomware trends, and typologies, and related financial red flags. The report also outlines the procedures for effective reporting and sharing information regarding a ransomware attack.
The Treasury’s Office of Foreign Assets Control (OFAC) has also issued an advisory, entitled “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments,” to highlight the sanctions risks associated with facilitating ransomware payments on behalf of victims targeted by malicious cyber-enabled activities.