Skip to content

A Ransomware Case Study

How Dewpoint Helped Mitigate the Impact of a Ransomware Attack

The Attack

At 5:00 am, an employee from a large public utility opened an email with an attachment that infected a computer in the internal network. The ransomware spread, encrypting files on other computers on the internal network.  The ransomware shut down the accounting system, email service for 250 employees, and phone lines, including the customer assistance line for account inquiries and the line for reporting outages.  Printers and other technology were also affected.

The Call

An emergency call came into the Dewpoint service desk early that Monday morning.   The hackers were demanding payment, and the client was not sure of the next steps.  Although the client was responsible for their infrastructure, they knew Dewpoint had cybersecurity and infrastructure experts to assist.

CS Middle Picture v1

The Help

Formed a SWAT team including client CTO and IT staff and additional cyber security firm hired by the company’s cyber insurance to maintain clear and open communication throughout the recovery process

Developed a critical item checklist to prioritize items and keep track of items completed. This checklist also helped form the “lessons learned” to address any future incidents proactively

Determined impacted systems, including classifying information on those systems and deciding how to restore the data

Held daily status meetings to discuss the current status, review assignments, and address any new issues or risks

Assisted in rebuilding impacted systems (as needed)

The Resolution

In the end, the public utility paid the ransomware request based on the advice of their legal and IT teams. Luckily the utility had a multilayer “Cyber Edge” insurance policy at the time of the attack to defray costs of the ransomware attack, including providing the expert assistance needed in updating and rebuilding systems. It included strengthening cybersecurity policies and processes to mitigate future risks and developing a ransomware response approach.

Follow Dewpoint