Investigating Data Breach and Ransomware Attack on a Professional Services Firm with Multiple Contractors

A case study on work that Notion Digital Forensics have completed.

A professional services firm with a high number of contractors faced a ransomware attack on their cloud virtual servers, with criminals encrypting their files and demanding money. Notion Digital Forensics was called in by the firm’s new IT Managed Service Provider (MSP) to investigate the breach, determine if any data was taken, assess the extent of the damage, and identify the potential cause of the breach.


Determine the extent of the data breach, confirm if files were exfiltrated by the criminals, and identify whether the breach was caused by a contractor, the previous MSP, or unimplemented security protocols due to the client’s new status with the current MSP.


  1. Collaborate with the new MSP to assess the situation and gather any available information.
  2. Apply advanced forensic techniques to determine whether files were taken during the breach and the extent of the data exfiltration.
  3. Investigate the potential causes of the breach, including the involvement of contractors, the previous MSP, or unimplemented security protocols.


  1. Confirmed that a large number of files were exfiltrated during the breach.
  2. Provided the professional services firm with the necessary information to meet their notification obligations.
  3. Assisted the new MSP in understanding the extent of the breach and identifying the cause, which enabled them to take appropriate actions and plan their next steps to remediate the situation.


Notion Digital Forensics successfully investigated the ransomware attack and data breach on the professional services firm’s cloud virtual servers. Through the use of advanced forensic techniques, Notion was able to confirm that files were indeed exfiltrated by the criminals and identify the potential cause of the breach. This information proved valuable for both the professional services firm and their new MSP in meeting legal obligations, taking appropriate actions, and planning remediation efforts.

About Notion Digital Forensics

Notion Digital Forensics are technical experts in cybersecurity, e-discovery, and digital forensic investigation and cyber-defence for business and lawyers.

Other Case Studies

Get expert advice for your case. Contact us now

or phone us on 02 8006-0855

Important Notice

Preserving Confidentiality

The case study presented above is based on real events. To protect the identities of the parties involved, we have altered certain facts and details. These changes may be minor or significant and may include the inclusion of false information. Our aim is to maintain confidentiality for those involved.

Seek Customized Advice

Cybersecurity and digital forensics are specialised fields with various options and trade-offs. The information provided on this website may not be applicable to your specific situation. It is highly recommended that you seek tailored advice from an expert before taking any action. We are cyber security specialists, but we may not be your cyber security specialists. Seek professional advice.