P2021-ND-041

On or about July 1, 2020, an email phishing attack was carried out against a former employee who was working for the Organization in a consulting capacity. As a result of the attack, a threat actor gained unauthorized access to the Organization’s network(s). On or about July 31, 2020, the threat actor gained access to the Organization’s servers and domain controller. The incident was discovered on August 9, 2020, when IT staff found malicious text files with links to a website demanding ransom payment in exchange for a decryption key and deletion of affected files. Between discovery of the incident on August 9, 2020 and September 9, 2020, the Organization investigated the credibility and claims of the threat actor.

Amid the Organization’s investigation, the attacker threatened to disclose a portion of the records. Between August 16, 2020 and August 19, 2020, the threat actor proceeded to publish blocks of exfiltrated data to the dark web.

The Organization downloaded the records on August 20, 2020 and began analyzing the dataset to determine what data elements were impacted. Their analysis concluded on September 9, 2020, approximately 70 days after the suspected date of initial breach on July 1, 2020.

On February 22, 2021, the Organization reported that the personal information remains on the dark web despite efforts, with law enforcement, to remove it from public availability.
