Client: A large property management company developing offices and apartment blocks in Central & Eastern Europe.
Situation: A ransomware application made its way in through an out-of-date file server that should have been updated. The attack also eliminated all of the backups, making a system restoration impossible.
Action: CNS Risk conducted a Health Check and reviewed policies and procedures. We also recommended conducting monitoring and a review of O/365 and Azure rules as well as endpoint monitoring.
Results: CNS Risk were able to show that the access was through the obsolete file server that the client's 3rd party IT company should have updated years earlier, and also argued that paying the ransom was not likely to restore the company's systems without continuing the attack. The company rebuilt the systems from data fragments, replaced the compromised server and instituted new policies.
Duration: 2 weeks
Resources Employed: One lead investigator and our cyber team (scanning the dark web for published data on the ransom, and the particular victim).