In the world of cybersecurity, incident response is a crucial process that requires precision and expertise. A significant example of an effective intervention by the Cyberoo Incident Response Team is the case of a well-known consultancy firm hit by a ransomware attack.

The cyber attack

It all started when cyber criminals launched a ransomware attack, encrypting all the company’s virtual machines (VMs) and destroying backups. This completely paralysed business operations, leaving the company at a standstill.

Initially, the company contacted its system integrator, who delegated the Incident Response activity to a group company. However, the support received was limited to explanations of how the attack had occurred, without offering any concrete solutions.

Cyberoo intervention

Not satisfied with the initial response, the company decided to contact Cyberoo for further discussion. Given the seriousness of the situation, the Cyberoo Incident Response team was immediately engaged with the objective of recovering the data from the VMs, despite the complexity of the encryption imposed by the ransomware.

The task was not easy: the cryptographic scheme used by the attackers was advanced, with high entropy values that made data recovery extremely difficult. However, with our intervention, the operation was completed in a few days with extraordinary results.

Data recovery

The team was able to recover the management databases and over 90 per cent of the documents on the file server. This success allowed the company to get back up and running with most of the data restored to a few moments before the attack. Customer satisfaction was immense, so much so that numerous thank-you e-mails and phone calls were received.

Lessons learned

This case highlights the importance of a scientific and systematic approach to managing IT security incidents. The ability of an Incident Response team to apply specialised knowledge and advanced techniques is crucial to mitigate the effects of an attack and ensure business continuity. It is a real race against time that requires dedication and the ability to never give up.

In conclusion, the successful handling of this incident demonstrates that, even in the face of complex threats, it is possible to adopt recovery strategies that minimise losses and restore business functionality. This example serves as a reference for organisations seeking to improve their resilience against cyber threats.

By Andrea Coli – Incident Response Specialist, CYBEROO