P2021-ND-181

On September 27, 2020, the Organization was the victim of a ransomware attack. The incident was discovered the same day when employees were unable to remotely access some systems. The attacker used compromised account credentials to access the Organization?s network over a VPN and then deployed post-exploitation tools and ransomware. The attacker encrypted a number of the Organization?s servers, PCs, and exfiltrated data. Exfiltrated records were published on the dark web for four days prior to being taken down.

File Type: pdf
File Size: 612 KB
Categories: 2021