Customer Requirements: Ransom demand to a financial company (Dec 2019)
Late Thursday night, a call was received from the CISO of a large financial services company with a market value of over a billion dollars. He stated that he’d received a ransom demand threatening to leak privileged internal corporate information unless $1 million was paid within 48 hours. As an Incident Response Team, we packed our unique ‘jump bag’ and rushed to the company headquarters.

Our Intelligence & Negotiation Team discovered that the attacker had advertised the privileged internal information “for sale” on dark web forums. To show just how serious they were, the attackers included a customer’s private account balance, a value updated in the internal CRM just a day prior. The Team initiated contact with the attackers.

OP Innovate’s Incident Response Manager realized that the attackers might have a real-time foothold in the company’s systems, so the Team began to search for indicators of the attackers’ persistence. They also sought to minimize exposed systems and recover normal business operations.

Eventually, the organization’s CEO announced that this incident had been a top-secret drill prepared by the company’s Board of Directors. This simulation was critical to demonstrate that the organization’s IT team could handle a serious incident with potentially far-reaching consequences to the organization’s reputation, under the pressures of a crisis situation.