The Organization was a victim of a ransomware attack that encrypted its entire operational IT infrastructure. On the morning of July 10, 2020, the attackers gained access to four (4) workstations and between July 10 and July 19, 2020, the threat actor was able to compromise multiple servers, encrypting all information, and effectively holding the Organization?s operational data hostage. The ransom note indicted that data was exfiltrated, though it did not describe the data. The attack also resulted in the unauthorized access and downloading of certain information. The Organization was able to rebuild its systems and restore operations. The Organization communicated with the threat actor, eventually receiving a log of exfiltrated data and purported confirmation that all data was destroyed. By early October 2020, an outside IT forensics provider confirmed that the log was likely accurate and reflected the exfiltrated data.
P2021-ND-238
File Type:
pdf
File Size:
618 KB
Categories:
2021