Ransomware Attacks

We can perform log file analysis, uncover the attack’s entry point, build a timeline of events and help identify possible evidence of data exfiltration.

Responding to a Ransomware Attack

The number of ransomware attacks continues to rise year on year. According to the Verizon 2022 Data Breach Investigations Report, there was a 13% increase in ransomware attacks, and ransomware was involved in 25% of all breaches.

When a company falls victim to a ransomware attack, the natural response is to wipe the infected machine and restore the data in order to get up and running again as quickly as possible. As a result, attackers will often use ransomware as a way to destroy any evidence of a data breach after they have extracted the data from the network.

It is therefore important for the company to conduct a thorough investigation even if the encrypted data cannot be recovered.

The purpose of the investigation is to preserve potential evidence in order to:

  • Identify how the system came to be infected with ransomware
  • Identify if any confidential data has been extracted from the system
  • Provide answers to the regulatory authorities and show you have taken reasonable steps to prevent a repeat
  • Preserve the data in case decryption keys are released at a later date

If you become a victim of a ransomware attack, how should you respond?

  • Do not shut down the infected devices
  • Disconnect the infected devices from the network
  • Preserve logs such as firewall, VPN and anti-virus logs, or any other logs which can be saved
  • Document all information pertaining to the ransomware attack
    • Photo or copy of the ransom demand note/splash screen
    • Ransomware variant name if known
    • The file extension of encrypted files
    • The date and time of the attack
    • The file naming scheme for the ransom note/readme file left by the attacker
    • Any email addresses, URLs or other methods provided by the attacker for communications
    • Required payment method/bitcoin addresses provided by the attacker
    • Ransom amount demanded if known
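
One way to carry out the log-preservation and documentation steps above, as an added example that is not part of the original page: the Python code below copies logs to a separate evidence location, records a SHA-256 hash for each copy, and stores the incident details from the checklist in a manifest that can be re-checked later. The function names, manifest layout and field names are assumptions of this example.

```python
import hashlib
import json
import shutil
from datetime import datetime, timezone
from pathlib import Path

# Fields from the documentation checklist above; the key names are this example's own.
INCIDENT_FIELDS = ("variant_name", "encrypted_extension", "attack_datetime",
                   "ransom_note_filename", "attacker_contacts",
                   "payment_addresses", "ransom_amount")

def sha256_file(path):
    """Hash a file in chunks so large logs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def preserve_evidence(log_paths, dest_dir, incident):
    """Copy logs to dest_dir and write manifest.json with hashes and incident notes."""
    unknown = set(incident) - set(INCIDENT_FIELDS)
    if unknown:
        raise ValueError(f"unexpected incident fields: {sorted(unknown)}")
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    files = []
    for i, src in enumerate(map(Path, log_paths)):
        copy = dest / f"{i:03d}_{src.name}"  # index prefix avoids name clashes
        shutil.copy2(src, copy)              # copy2 keeps the modification time
        digest = sha256_file(copy)
        files.append({"source": str(src), "copy": copy.name, "sha256": digest,
                      "size": copy.stat().st_size,
                      # False means the source log changed while it was being collected.
                      "matches_source": digest == sha256_file(src)})
    manifest = {"collected_utc": datetime.now(timezone.utc).isoformat(),
                # Details not yet known are recorded as None rather than left out.
                "incident": {k: incident.get(k) for k in INCIDENT_FIELDS},
                "files": files}
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_evidence(dest_dir):
    """Return names of preserved copies that are missing or no longer match the manifest."""
    dest = Path(dest_dir)
    manifest = json.loads((dest / "manifest.json").read_text())
    return [e["copy"] for e in manifest["files"]
            if not (dest / e["copy"]).is_file()
            or sha256_file(dest / e["copy"]) != e["sha256"]]
```

Point `dest_dir` at external or otherwise clean storage rather than the infected device's own disk, and run `verify_evidence` again before the copies are handed to an investigator.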

Contact us today to find out how we can help you solve your digital challenges.