Issue:
A client of CRA’s Forensic Services Practice faced a formidable set of business, legal, and operational challenges when it was contacted by the Russian-affiliated cyber ransomware group Cl0p, which demanded a huge ransom payment in exchange for a promise not to post the stolen data on the web. Cl0p claimed to have exploited a critical zero-day vulnerability in an enterprise managed file transfer solution used by our client and its business partners.
Action:
Our team was swiftly retained to launch three critical work streams:
- Systems Assessment: to determine if there was any compromise beyond the file transfer utility.
- Data Analysis: to confirm the nature and extent of the stolen data and analyze it (with guidance from counsel) to identify who needed to be notified under various applicable laws.
- Support a “No Ransom Payment” response: our client was opposed to making any kind of ransom payment and needed our help to recover quickly, thereby obviating the need for such a payment.
Impact:
- Incident Containment: leveraging proprietary methodologies, we immediately isolated affected systems to prevent further data exfiltration or compromise.
- Forensic Investigation: our team conducted a meticulous examination of attack vectors and malware, concluding that no backdoors were left behind.
- Data Recovery: we assisted our client in recovering critical data and ensuring that its integrity remained unaltered during the incident.
- Communication Strategy: working closely with our client and its external communications firm, we assisted with the development of a factually accurate, transparent communication strategy.
- Data Mining: we conducted programmatic searches and AI-assisted managed reviews to generate detailed customer notification lists.
The engagement was co-led by Kristofer Swanson, Vice President and Forensic Services Practice Leader, and Aniket Bhardwaj, Vice President, with invaluable support from Carlo Lakay, Principal, and Miri Davidson, Principal, along with Bharadhwaj Subramanian, Yung Han Yoon, Riley Burningham, and David Lee.