The Crypsis Methodology
Locate the initial point of compromise, determine the scope and severity of the breach, and determine the potential business impact and risk.
Restrict the threat actor’s ability to operate in the environment, minimize further damage to the organization, and develop a custom containment strategy that recognizes operational requirements.
Eliminate the threat actor from the environment and improve the organization’s security posture to mitigate the impact of future breaches.
Data Sheet: Data Breach Response
Do you suspect your network is under attack? Crypsis experts have deep experience in responding to some of history’s most notorious data breaches – from government and corporate espionage to the theft of credit card information by cyber criminals and high-profile ransomware attacks.
When we are called in to respond to a cyber security incident, we immediately put in place a trusted advisor who guides the client through the initial steps: determining whether an attack has occurred and how the attacker gained entry, blocking further access, and determining the severity of the breach.
Once the network is secured, Crypsis can perform a more precise forensic investigation to understand which data is at risk and how to protect it from further intrusions.
Crypsis consultants worked on behalf of a financial services client where a threat actor compromised the institution’s network, gained access to investor data, and threatened to release it to the public unless the client made a payment of several million dollars. Our consultants determined how the threat actor gained access to the victim’s network, identified and removed the backdoors the attacker left behind, and identified the exact nature of the stolen investor data.
How and why did this happen? Our elite corps of cyber investigators knows where to look for actionable data within your digital environment – laptops, workstations, servers, USB drives, network storage, email systems, cloud storage, hard drives, and custom application data. We will identify the root cause of an incident by peeling back the layers to determine the size and scope of the incident, what data is at risk, and where the threat came from. And when investigations end up in legal proceedings, we serve as technical advisors to our clients’ legal team, advising counsel during depositions and testifying in court.
Members of the Crypsis team worked on behalf of a public university to provide in-depth forensic analysis of multiple network intrusions involving the potential breach of sensitive data held by the university. Our experts co-authored reports for university personnel with their findings, including analysis of the methods of the compromises, the intent of the intruders, and the intruders’ access to confidential data.
Your system just got hit with a ransomware attack and your files are now locked up. How do you respond to this crypto-extortion? Our ransomware experts will work to reverse-engineer the malware that infected your system and try to recover your data. And if you decide it is better to just pay the ransom, we will broker a solution that minimizes your cost of recovery, validates the transaction, and prevents further extortion by the attacker. We can also develop and implement a containment plan to isolate any additional infections and prevent further ransomware attacks.
Crypsis consultants were called in to help a manufacturing company that fell victim to a ransomware scheme in which the hackers gained access to data through a phishing email that claimed to come from a large shipping company. The email said that a failed delivery attempt had been made to the company and invited the recipient to open an attached ZIP archive that, when executed, downloaded and installed ransomware on the system. The company’s files were then encrypted and a ransom of 4 Bitcoins was demanded for the decryption key needed to access them. The ransom was not paid because the company had recently backed up its important data and was able to cut its losses on the additional data that could not be recovered.
Our investigation determined that this was strictly an opportunistic attack in which a victim’s files were encrypted because an employee clicked on a phishing email attachment and executed ransomware. We determined that there was no unauthorized access into the environment itself and no additional activity other than the ransomware infection.