Incident Restoration and Remediation

If you are under attack, reach out for a completely free 30-minute initial call. We will attempt to provide some immediate advice to minimize the impact on your organization. If you are interested in proactive or retainer services, please email us and we would be pleased to work with your team to right-size a service offering that your business can benefit from.

CYPFER can help restore your business by using this simple approach to restoration:

  • Containment
  • Identification of where the attack started
  • Reconfigure and rebuild the network stack
  • Reconfigure and rebuild server stack
  • Reconfigure and rebuild application stack
  • End-to-end project management expertise

Cyber-attacks are conducted by people. The majority of attacks are not automated, in the sense that there is a person, and sometimes multiple people working together, trying to bring your organization down to its literal knees. These criminals have evolved over the years to use more efficient methods of attack and of impact. The criminal industry has realized that organizations are willing and able to make significant payments to get back to operations as quickly as possible, and as ransom payouts increased, the criminals have “re-invested” some of these profits in streamlining and optimizing their operations.

Barriers to entry do not exist, and hence the number of criminals is on the rise and so is the number of attacks. Some of the more common attack types are noted below:

Ransomware Attack

Cyber-criminals attack organizations indiscriminately, and the majority of attacks are financially motivated. In all likelihood, by the time your staff walk in the front door they will discover that the majority of systems are encrypted and unusable and that backups are impacted or deleted. Data theft (exfiltration) is observed in more than 90% of cases. These cyber-criminals tend to leave a note on systems with information on how to contact them to negotiate a settlement, or else the business will lose access to data and stolen data is likely to get published.

CYPFER can help your business recover from RANSOMWARE attacks by deploying specialized teams to preserve key evidence for further investigation while rapidly restoring your environment to an operational state and minimizing business interruption costs.

If negotiations and payment facilitation services are required, we can work with your business managers to deliver second-to-none such services.

If your company is impacted by ransomware, contact us right away as in many cases there are deadlines set by threat actors before information about the attack is leaked to the public.

Website Compromise Attack

Cyber-criminals attack organizational portals and websites as these assets typically allow for public access and may contain access to a lot of Personally Identifiable Information (PII), Personal Health Information (PHI) or Payment Card Information (PCI). A compromise of these assets can be devastating to a business as revenues may be impacted, individual information might be stolen, fines associated with regulatory or compliance frameworks might apply, and litigation risk is significant. CYPFER can help your organization recover by identifying the attack vector, closing the gap, and assisting you in either restoring systems or migrating to a secure platform. In cases where extortion demands are received, we can negotiate on your behalf and provide payment facilitation services.

Malicious Insider Attack

Disgruntled employees and industrial espionage are some of the scenarios where an attack can originate from within your business. CYPFER has extensive experience in managing and investigating such events, and in a number of cases CYPFER project teams were able to identify the culprit and, in co-operation with law enforcement, such individuals were apprehended and criminal charges were successfully executed.

Extortion Attack

CYPFER has handled some of the most complex extortion attacks from around the globe. An extortion event may occur where threat actors conduct a campaign against a particular organization, its digital assets and in some cases even virtual currency reserves or wallets, and where a certain outcome has been achieved such that suppression of publication or return of stolen assets is required. In the majority of cases the motivation is financial, but not in all cases. We have handled extortion related to family disputes, business disputes, crypto-currency theft, intellectual property theft, and even bullying.

When it comes to digital attacks, time is of the essence. Do not attempt to negotiate directly with threat actors, as negotiations may have complexities that only experienced personnel are aware of. In addition, incomplete negotiations or restoration activities may leave your business at risk of subsequent extortion or repeat attacks.

Important information to identify as part of an investigation includes the questions below:

  • How did it happen? (Attack vector identification)
  • Who was the first? (Identification of patient-zero)
  • Are the criminals still in my environment? (Dwell time minimization)
  • What did the cyber criminals do? (IOC collection and artifact analysis)
  • Did the cyber criminals leave anything behind? (Persistence mechanism removal)
  • Can I get back to operations? (System, Application and Network restoration)
  • We need some guidance! (Full project management support)

CYPFER’s incident response and restoration methodology is rapid, and serves to minimize follow-up risk.