We are pleased to bring readers our latest detailed technical paper. This report results from the work of Gridware’s Incident Response Team on a particularly challenging and interesting case.
Gridware’s Incident Response team was notified that a victim organisation was compromised with LockBit ransomware.
Ransom notes were left demanding payment in exchange for the decryption keys.
Gridware was engaged to carry out containment activities and conduct an investigation of the incident to assess both a) the original point of entry into the network and b) the potential for data exfiltration to have occurred.
Because the threat actor deleted all of the backups, the victim chose to pay the ransom to acquire all three decryption keys in order to recover critical data from compromised systems.
While Gridware does not generally recommend paying a ransom, in this case the data that was lost was critical to ensuring that the victim could continue to operate and minimise the business impact.
We outline our work on this particular case in detail in this technical paper – you can download it below.
Bethany Cooper is an Incident Response Manager at Gridware Cybersecurity with a passion for cybersecurity. While still at university, she started working in Gridware’s incident response team and was dedicated to battling evil in cyberspace. After completing the SANS FOR508 course and attaining her GCFA certification, her recent research has focused on the motivations and techniques of Advanced Persistent Threat (APT) groups and malware reverse engineering.