Late last year Brace168 was engaged to respond to a ransomware attack to conducted incident response services. The ransomware in question was a previously unknown variant of ‘zusy’ malware delivered through a trojanised open-source software, Notepad++. On the day of the attack, Brace168 initiated a War Room to immediately respond to the situation and work towards isolating affected machines, updated user credentials, and curtail any remnants of the attack. Brace168 helped to restore services along with performing a comprehensive forensic investigation to understand the lifecycle of the breach from the insertion point to the delivery of the payload for improvements to the security of the customer environment.
The extent of this breach was widespread across this business and cost them in loss of service, loss of revenue and cost of restoration. This shows that prevention is better than cure and that regular security assessments are critical to identifying and preventing these types of attacks before they occur. Unfortunately, it’s not a matter of if, but when, and we urge all of our customers to do regular security assessments, not just for peace of mind but to protect yourselves from these catastrophic attacks.