Joint rapid ransomware response and recovery operation for an Australian business

A complex Australian business fell victim to a ransomware attack that halted its production. The business was also uncertain whether its backups were intact and usable for recovery. Notion Digital Forensics was contacted to provide guidance and expertise, working alongside the company’s IT teams, MSP (Managed Service Provider) and MSSP (Managed Security Service Provider) to recover from the incident quickly.

Objectives

  1. Provide leadership and guidance based on “NIST Special Publication 800-61, Computer Security Incident Handling Guide” and Notion Digital Forensics Procedures (NDFP).

  2. Conduct rapid forensic analysis on affected servers to identify and eliminate malware.

  3. Collaborate with the company’s IT teams, MSP, and MSSP to expedite recovery and return to normal operations.

Approach

Notion Digital Forensics worked closely with the company’s specialist IT teams, MSP and MSSP, providing leadership and expertise in handling the ransomware incident. We used a networked forensics system to perform rapid forensic analysis across approximately 100 servers and workstations, which allowed us to locate the malware infections quickly rather than examining each host in isolation.

Results

By leveraging our experience in incident response, we were able to reduce guesswork and guide the company’s IT teams, MSP, and MSSP, enabling them to get back online sooner than expected. While it’s possible that the company could have resolved the issue eventually, our involvement significantly accelerated the recovery process.

The teams appreciated Notion Digital Forensics’ professionalism and input during the incident response. Our expertise in leading incident response events and collaboration with the client’s IT teams, MSP, and MSSP proved invaluable in restoring operations quickly and efficiently, ultimately minimising the business impact of the ransomware attack.
