Ransomware attacks are becoming one of the most effective and profitable forms of cyber-attack available to today’s digital criminal. And as data increasingly becomes a company’s most valuable commodity, the sums being charged to release ransomed information are rising rapidly.
For Crawford’s clients, the ability to respond quickly and proactively to what can prove crippling attacks, particularly when inaccessible encrypted files mean critical operations are incapacitated, is vital – a fact that was demonstrated on two separate occasions in the run-up to the festive holidays.
On 19 and 22 December, Crawford’s cyber team received two separate notifications relating to ongoing ransomware attacks affecting in the first instance an international manufacturing company with operations in the Middle East and Africa, and in the second a large-scale media organization. In both cases, operations had been severely disrupted as a result of key data files being encrypted by the attackers.
In the case of the manufacturing company, the inability to access data meant it was unable to fulfill existing orders or process new ones. As a result, the organization’s insurer was facing a potential multi-million-pound business interruption claim.
In both situations, Crawford’s 24/7 cyber team triaged the incident based on the first calls with both companies. Given the nature of the event, a rapid response was critical as the deadline for payment to the attackers was imminent. Immediate advice was provided on disconnecting equipment from the internet, changing passwords and restricting access to data. IT forensic experts were able to work with the policyholders, taking multiple steps to prevent any further data loss as a result of the ransomware attack.
By gaining a rapid insight into the dynamics of each incident, Crawford was able to bring on board a range of different specialists to address specific aspects of the attacks whilst controlling spend and mitigating both impact and exposure. These ranged from solicitors who were able to work with local regulatory authorities, to PR consultants to work on both internal and external communications.
Working directly with the IT teams of each company, Crawford was able to restore the data that had been encrypted, using files that had not been breached by the attackers to return them to fully operational status. Crawford maintained communication with both the policyholders and the insurers throughout the festive period, on many occasions conducting multiple conference calls in a 24-hour period, to ensure that every stage in the response process was on track.
The net result of the rapid-fire response and ability to bring in specialist teams to address different components of the attack was that both companies were able to carry on their business with minimal disruption and with no money being paid to the criminals, whose ransom demands in both cases amounted to eight figures.
Having instant access to cyber specialists is essential in today’s increasingly cybercrime-exposed working environment. This is particularly the case as companies transition to a post-COVID-19 world in which remote working will become the modus operandi for many organizations. To learn more about the range of cyber response services that Crawford can provide, contact Paul Handy.