Group 10 - Mircom Technologies LTD
RESPONDING TO A RANSOMWARE ATTACK
CEO receives message regarding possible intrusion on the IT infrastructure
IT department stretched
- New ERP implementation
- Fiscal year end, highest sales month
- Departure of CIO
21 Sept. Sat
- Discovery of unknown file in the system with all data and backup encrypted. Ransom demand for recovery.
- Chat link to communicate over Darkweb
The Attack
One-on-one meeting with HODs & board members and explains the gravity of the situation.
Mircom contacts Royal Canadian Mounted Police (RCMP) and York Regional Police (YRP).
First Line of Defence
CEO gathers incident response team, starts working on a solution; meanwhile social media network used as comm. channel.
Cyber-security specialist based in Israel contacted.
History
Originally Estd 1961 by Antonio Falbo to manufacture intercom systems
- Fire Detection
- Building Automation
- Building Security
- Facility Supervision SaaS
Background
Org: Users in 100+ countries
Customers: Airports, Hospitals, Stadiums, Commercial, Residential, Industrial
22 Sept. Sun
Ransomware
- Malicious software encrypting files, rendering them inaccessible
- To decrypt files, attackers demand 'ransom' which is generally paid in cryptocurrency to avoid traceability
23 Sept. Mon: All Hands on Deck
- Focused Efforts: Jason leads IT recovery efforts, prioritizing restoration of critical systems like Active Directory and email servers.
- Communication Channels: A WhatsApp group "Business Continuity" is established for stakeholder communication, ensuring transparency and collaboration.
- Resource Allocation: Additional IT support is hired promptly to expedite recovery, addressing resource shortages and emerging challenges.
- Problem Resolution: Ongoing efforts focus on promptly
Urgent Response, Focused Efforts, Communication Channels, Expert Consultation, Stakeholder Engagement, Resource Allocation, Problem Resolution
Tue: Time to Negotiate
Where to negotiate?
Negotiations
- 10x Expected Ransom
- Option 3: Negotiate to buy time
- Reasonable & Business-Like Negotiations
Tue: Time to Negotiate
Plus: Accessible processes
Minus: Inaccessible
IP, Source Code, Digital Assets, Data
CLEANING HARDWARE BACKEND UPGRADATION
800 machines
Wed: Signs of Progress
A Business Decision – CUSTOMER FIRST
Problem
Customer sites are down
Internal IT Team
Wed: Signs of Progress
BUSINESS-WITHIN-A-BUSINESS
Get a few dozen people working on a new clean network with clean equipment
Overcoming the Aftermath
Sat
for a Change
• Manual entry of last two weeks' transactions by staff.
Next Weeks
• Full operations by Oct 7, including ancillary functions.
Reflection