Industry: Insurance

A Monday morning nightmare

Situation :

  • One Monday morning, employees arrived at the office and opened their computers, only to find two text files on their screens. The first file stated that 500Gb of data was exported and that a ransom needed to be paid or else the files would be published on the dark web.  The second file listed all names of the exfiltrated files.  This included client lists and corporate financial information. 
  • The company ended up having to pay the ransom to retrieve their files but even with the key, unfortunately not all their files were recovered. 
  • We also had to reconfigure all their workstations from scratch which was a big expense.

Solution:

  • It was determined after investigation that the ransomware originated from the network. Present installed a SIEM solution which monitors for security incidents across all connected users, devices, and applications while identifying abnormal behavior as it is detected in the network.

Avantages:

  • The implementation of a SIEM makes it possible to now detect when a large amount of data is being copied and will trigger an alert and stop the process of any suspicious activity. 
  • The SIEM will detect and respond to both known and unknown security threats, including all external connection attempts, which offers the client peace of mind that they are now protected, considering how quickly the cybercrime landscape is evolving. 

Contact us to learn more on this case study