Ransomware attack on property management company

Updated: Mar 10, 2020

Client National property management company with several office and apartment blocks.

Situation A ransomware application made its way in through an out-of-date fileserver that should have been updated. The attack took also took out all of the backups making a system restoration impossible.

Action CNS Risk conducted a Health Check and reviewed policies and procedures. They also recommended conducting monitoring and a review of O/365 and Azure rules as well as endpoint monitoring.

Results CNS Risk were able to show that the access was through the obsolete file server that the client's 3rd party IT company should have updated years earlier; and also, argued that paying the ransom was likely more good money after bad. The company re-built the systems from data fragments, replaced the compromised server and instituted new policies.

Duration 2 weeks

Resources Employed One lead investigator and Cyber Team (scanning the Dark Web for published data on the ransom, and the particular victim).