An emergency call came into the Dewpoint service desk early that Monday morning. The hackers were demanding payment, and the client was not sure of the next steps. Although the client was responsible for their infrastructure, they knew Dewpoint had cybersecurity and infrastructure experts to assist.
At 5:00 am, an employee from a large public utility opened an email with an attachment that infected a computer in the internal network. The ransomware spread, encrypting files on other computers on the internal network. The ransomware shut down the accounting system, email service for 250 employees, and phone lines, including the customer assistance line for account inquiries and the line for reporting outages. Printers and other technology were also affected.
1. Formed a SWAT team, including the client’s CTO and IT staff and an additional cybersecurity firm hired by the company’s cyber insurance, to maintain clear and open communication throughout the recovery process
2. Developed a critical item checklist to prioritize items and keep track of items completed. This checklist also helped form the “lessons learned” to address any future incidents proactively
3. Determined impacted systems, including classifying information on those systems and deciding how to restore the data
4. Held daily status meetings to discuss the current status, review assignments, and address any new issues or risks
5. Assisted in rebuilding impacted systems (as needed)
In the end, the public utility paid the ransom demand based on the advice of their legal and IT teams. Luckily, the utility had a multilayer “Cyber Edge” insurance policy at the time of the attack to defray the costs of the ransomware attack, including providing the expert assistance needed in updating and rebuilding systems. It included strengthening cybersecurity policies and processes to mitigate future risks and developing a ransomware response approach.