On March 17, 2021, the Organization learned it was the victim of a ransomware attack, although the initial access appears to have been on January 6, 2021. The source of the intrusion appears to be when an employee provided their domain credentials in response to a phishing email and approximately 8 hours later, the attacker accessed the network remotely using the compromised domain credentials of this employee. It does not appear the attacker engaged in actual data theft until approximately March 10, 2021 and did not copy ransomware onto the network until approximately March 17, 2021. On March 18, 2021, an email was received by various members of the executive leadership team that appeared to be from the attacker. On April 8, 2021, the Organization confirmed that it was the victim of a sophisticated, illegal ransomware attack, which resulted in hackers gaining access to employee files containing personal information. The Organization reported that it was unable to determine with absolute certainty the full scope of the personal information actually accessed.
P2021-ND-150
File Type:
pdf
File Size:
616 KB
Categories:
2021