An unnamed organization that fell victim to ransomware, failed to adequately investigate the root cause of the attack, and as a result, it fell victim to the exact same attack two weeks after the original incident. Even worse, the victim organization paid the ransom demand both times in order to restore their network. After the initial attack, the company paid in bitcoin worth roughly £6.5 million GBP or $8.9 million USD in order to recover their data. Less than two weeks later, the same threat actor attacked the victim’s network again, using the same mechanism as before, and re-deployed their ransomware. It is imperative that organizations that fall victim to ransomware concentrate on finding out how it happened before anything else. The cost of an incident response investigation from a top-tier security firm is far less expensive than paying another ransom.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is