A professional services firm with a high number of contractors faced a ransomware attack on their cloud virtual servers, with criminals encrypting their files and demanding money. Notion Digital Forensics was called in by the firm’s new IT Managed Service Provider (MSP) to investigate the breach, determine if any data was taken, assess the extent of the damage, and identify the potential cause of the breach.
Objective
Determine the extent of the data breach, confirm if files were exfiltrated by the criminals, and identify whether the breach was caused by a contractor, the previous MSP, or unimplemented security protocols due to the client’s new status with the current MSP.
Approach
- Collaborate with the new MSP to assess the situation and gather any available information.
- Apply advanced forensic techniques to determine whether files were taken during the breach and the extent of the data exfiltration.
- Investigate the potential causes of the breach, including the involvement of contractors, the previous MSP, or unimplemented security protocols.
Results
- Confirmed that a large number of files were exfiltrated during the breach.
- Provided the professional services firm with the necessary information to meet their notification obligations.
- Assisted the new MSP in understanding the extent of the breach and identifying the cause, which enabled them to take appropriate actions and plan their next steps to remediate the situation.
Conclusion
Notion Digital Forensics successfully investigated the ransomware attack and data breach on the professional services firm’s cloud virtual servers. Through the use of advanced forensic techniques, Notion was able to confirm that files were indeed exfiltrated by the criminals and identify the potential cause of the breach. This information proved valuable for both the professional services firm and their new MSP in meeting legal obligations, taking appropriate actions, and planning remediation efforts.
