P2021-ND-199

On February 18, 2021, the Organization?s Information Technology (IT) staff found maliciously encrypted files while troubleshooting IT infrastructure that was not operating properly. Investigation of the incident determined that suspicious network activity began on February 12, 2021, when an unauthorized party appeared to be logging in and testing credentials. The unauthorized party deployed ?hacking tools? on February 16 and 17, 2021. Lastly, a ransomware attack was deployed on February 18, 2021. Attempts to attack the environment continued for several days, but were blocked by the Organization. The Organization reports that the unauthorized third party copied and removed data from their systems.

File Type: pdf
File Size: 628 KB
Categories: 2021