A client, a large producer of plant-based food and beverage ingredients with multiple offices around Australia, suffered a ransomware attack (a Ryuk variant) that traced back to human error.
The attacker is suspected to have gained access to the client's systems through a compromised RDP service and then deployed 'file-less' malware: a Meterpreter payload that runs in memory rather than from a file on disk. The source of the malware is unknown, but it may have come from a torrent download site that a staff member had accidentally accessed.
Meterpreter is the post-exploitation payload of the Metasploit framework and functions as a remote access trojan: it gives the attacker remote code execution on the compromised host and the ability to load further payloads, and because it lives in memory it often evades file-based antivirus. The attacker used it to run Ryuk, which encrypted data on the client's servers; that encryption is what revealed the attack to the client. By then the attacker had had access to the client's systems for approximately 8 days.
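An 8-day dwell time after an RDP compromise is the window in which a logon-monitoring check would have paid off. The following is an added example written for this case study (not code from the page, the insurer or the IT provider) that scans Windows Security logon events for the two signs of exactly this intrusion: a successful RDP logon from outside the internal address ranges, and a success that follows a burst of failures for the same account and source. The event records are constructed for the example; the field names mirror the Windows Security log (EventID 4624 = successful logon, 4625 = failed logon, LogonType 10 = RemoteInteractive, i.e. RDP), and the threshold and time window are assumptions to tune per environment.

```python
"""
Hunt for suspicious RDP logons in Windows Security event data.

Added example for this case study; not code from the page, the insurer or
the IT provider. Event records below are constructed. Field names mirror
the Windows Security log: EventID 4624 = successful logon, 4625 = failed
logon, LogonType 10 = RemoteInteractive (RDP).
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Address ranges treated as "internal" (RFC 1918 plus loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: a burst of failed RDP logons followed by a success from
# an Internet address, ordinary internal logons, and a lone external RDP logon.
SAMPLE_EVENTS = [
    {"time": "2020-03-01T02:11:03", "event_id": 4625, "logon_type": 10, "user": "admin", "ip": "198.51.100.23"},
    {"time": "2020-03-01T02:11:09", "event_id": 4625, "logon_type": 10, "user": "admin", "ip": "198.51.100.23"},
    {"time": "2020-03-01T02:11:15", "event_id": 4625, "logon_type": 10, "user": "admin", "ip": "198.51.100.23"},
    {"time": "2020-03-01T02:11:21", "event_id": 4625, "logon_type": 10, "user": "admin", "ip": "198.51.100.23"},
    {"time": "2020-03-01T02:11:27", "event_id": 4625, "logon_type": 10, "user": "admin", "ip": "198.51.100.23"},
    {"time": "2020-03-01T02:11:33", "event_id": 4624, "logon_type": 10, "user": "admin", "ip": "198.51.100.23"},
    {"time": "2020-03-01T09:05:44", "event_id": 4624, "logon_type": 10, "user": "jsmith", "ip": "10.0.0.12"},
    {"time": "2020-03-01T09:06:10", "event_id": 4624, "logon_type": 2, "user": "mgray", "ip": "10.0.0.55"},
    {"time": "2020-03-01T11:00:00", "event_id": 4624, "logon_type": 10, "user": "itsupport", "ip": "203.0.113.7"},
]


def is_internal(ip):
    """True for sources inside INTERNAL_NETS. Checked explicitly rather than
    via ip_address().is_private, which would also classify the documentation
    ranges used in the sample (198.51.100.0/24, 203.0.113.0/24) as private."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable source field: treat as external
    return any(addr in net for net in INTERNAL_NETS)


def find_suspicious_rdp(events, fail_threshold=5, window=timedelta(minutes=10)):
    """Flag successful RDP logons (4624, LogonType 10) that come from outside
    the internal ranges, or that follow at least `fail_threshold` failed RDP
    logons for the same (ip, user) within `window` (a password-guessing
    success). Returns one finding dict per flagged logon, in time order."""
    failures = defaultdict(list)  # (ip, user) -> timestamps of 4625 events
    findings = []
    for e in sorted(events, key=lambda e: e["time"]):
        if e["logon_type"] != 10:
            continue  # only RemoteInteractive (RDP) logons are of interest here
        t = datetime.fromisoformat(e["time"])
        key = (e["ip"], e["user"])
        if e["event_id"] == 4625:
            failures[key].append(t)
            continue
        if e["event_id"] != 4624:
            continue
        reasons = []
        if not is_internal(e["ip"]):
            reasons.append("RDP logon from outside internal ranges")
        recent = [f for f in failures[key] if timedelta(0) <= t - f <= window]
        if len(recent) >= fail_threshold:
            reasons.append(f"success after {len(recent)} failed RDP logons within {window}")
        if reasons:
            findings.append({"time": e["time"], "user": e["user"], "ip": e["ip"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_rdp(SAMPLE_EVENTS):
        print(f"{f['time']} {f['user']}@{f['ip']}: " + "; ".join(f["reasons"]))
```

On the sample, the script flags the 02:11:33 logon for admin (external source and five failures in the preceding minute) and the 11:00 logon for itsupport (external source only), and passes over the internal logons. Run against real exports the same logic applies, with the caveat that any RDP service reachable from the Internet will produce the first kind of finding constantly; that volume is itself the argument for putting RDP behind a VPN or gateway with multi-factor authentication.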
The client notified their broker team, who immediately contacted the insurer's incident response team, and that team took the appropriate measures to keep the impact on the business to a minimum.
The client's systems were shut down and taken offline, and the client's IT provider supplied a loan server. The IT provider restored the client's data onto the loan server from a recent backup, taken the night before the Ryuk attack. Because the attacker had been in the environment for about 8 days, a backup from the night before encryption can already contain the attacker's tooling or credentials, which is why the restored environment was not simply reconnected as-is.
The IT provider brought the client back up on an isolated network, and every affected workstation, server and device was inspected and wiped before being returned to the network.
A further forensic investigation was undertaken. It found no evidence that the attacker had accessed sensitive personal information or exfiltrated data from the system, although the malware had the capability to do both.
Lawyers were engaged and concluded that the incident was not an eligible data breach under Australia's Notifiable Data Breaches scheme. The forensic and legal investigations were completed and the file closed.
Claim costs: $69,276