Between May 26, 2021 and May 29, 2021, an intruder gained access to an employee's Microsoft Office 365 account. The Organization later learned the employee had opened attachments sent in a ransomware email. On May 29, 2021, a request was received from the employee's compromised account for access to the Organization's Finance SharePoint site. A manager followed up with the employee, who confirmed they had not requested access. On the same day, Microsoft sent two alerts for an unusual volume of file deletion. On May 31, 2021, the Organization's IT coordinator followed up with the employee, who confirmed they had not moved or deleted any files. On June 2, 2021, the Organization received a ransom demand threatening to release the Organization's data.
P2021-ND-311
Categories:
2021