TSG was engaged by an incident response partner to help address a ransomware attack that the client was facing. Notably, TSG had already been delivering managed support services to the client prior to this incident.
The Scenario
The scope of TSG’s engagement encompassed the following key activities in response to the ransomware attack:
- System Evaluation: TSG conducted a comprehensive assessment of the client’s systems and environments to identify areas affected by the compromise.
- Containment Measures: Upon identification of the compromised areas, TSG promptly implemented targeted containment measures, including the shutdown of systems and accounts associated with the threat actor.
- Recovery and Restoration: TSG initiated the process of restoring and recovering the impacted systems, notably including the client’s critical stock management system and web catalogue, which were essential for maintaining the client’s business operations. Although a brief period of manual consolidation was required during this process, TSG ensured the swift recovery of these systems.
The Impact
Fortunately, the client was adequately prepared for such incidents: its cyber insurance covered the cost of ransomware removal and system recovery.
The restoration process took two weeks, during which the client had to resort to manual processes for order processing, resulting in additional overhead expenses associated with updating the affected systems post-breach.
It is noteworthy that this incident marked the second instance of a cyber attack on the client, underscoring the importance of implementing robust technical security controls, as repeated breaches significantly amplify the risk of further attempts.
The Cost
TSG’s dedicated efforts over 14 days amounted to an estimated cost of £50,000, excluding expenses related to the incident response partner.
Furthermore, the client incurred expenses associated with updating their stock systems, EPOS (Electronic Point of Sale) systems, and web catalogue during the downtime.