A Cancer Research organisation affected by Ransomware
Pharma and Research Industries are prime targets for ransomware attacks due to the amount of valuable and critical research data they hold.
In addition to a potential ransom payment, other critical and sensitive data, such as patient information, personal details, financial data, credit card details, etc., can be sold on dark web forums.
Small and midsize businesses (SMBs) lack comprehensive cybersecurity, making them easy targets for malicious attacks.
The Challenge
The Finance department of a cancer research organisation based in Germany received a ransomware demand on their finance server screen. The VP of Finance contacted their IT security team. The security team shut down the network and began investigating. The Finance department had no access to anything on the server or finance application (Star Money).
The in-house IT security team could not solve the issue, and cybersecurity expertise was needed to investigate and halt the attack.
Data encrypted on the server
Finance operation on hold
Organisation losing end-client and supplier trust
Compliance framework breached
The Solutions
The business contacted Deverg for external support. Deverg assigned one of their expert consultants, who has helped other clients remediate ransomware attacks. Deverg’s senior cyber security expert determined that the virus had entered the system as an email attachment that resembled an invoice. Once on the server, the virus searches for data to encrypt and then spreads to the rest of the network.
Deverg’s senior cyber security expert quickly assessed the risks and threats to the environment and identified the impacted areas based on NIST (800-53). After isolating the environment, a fresh server reinstallation was performed. Fortunately, during the risk assessment activities, Deverg identified data backups at decentralised locations. With the help of the application manager, Deverg successfully restored all the backups with up-to-date invoice information.
Roadmap defined by Deverg’s team:
Zero Trust Implementation consultancy
Incident response and disaster recovery planning
Data backup planning and regular monitoring
Patching and security updates
Security awareness training for the whole organisation on phishing emails
Access controls architecture on critical systems
Regular IT risk audit plan
The Result
By performing the risk assessment and restoring the server with all the relevant backups, Deverg helped the client resume financial operations without paying the hackers the ransom. Deverg provided a robust cyber security roadmap to mitigate future security challenges and achieve the business's Confidentiality, Integrity, and Availability (CIA) goals.