Cyber incident responders

Supporting a client under attack: real-time response to a cybersecurity incident

Our task: Contain and remediate the attack. Now.

Our client, a mid-size company in Switzerland, was notified of a security breach by the computer emergency response team (CERT) and called us. First, we confirmed the incident and asked, “What do you already know?”

Handling started immediately in the “war room” on site at the client. We set up data collection to capture logs, memory dumps, network traffic and artifacts of the incident, and isolated the client's network from the internet. Then we launched protective and corrective measures. We notified authorities such as the Financial Market Supervisory Authority (FINMA) in Switzerland, the European Data Protection Supervisor (EDPS) in Germany, and the Securities and Exchange Commission (SEC) in the US.

Our next goal was eradicating the malware, but the client had no security tools to support that. Oh no! It was Friday night before Christmas and most employees were on holiday, but we had to stop the attack before the next regular business day. Moreover, firms infiltrated once often fall victim again. During the encrypted phase, we negotiated with the ransomware threat actor to stall them and gain time. We leveraged all available artifacts to reconstruct the attack and identify the initially compromised "patient zero" before the threat actor could hold data, paralyze business, or crash the IT services. In parallel, we set up a clean IT environment to rebuild from scratch what could not be recovered.

Lucky for the client: They kept offline backups. Recovery began. We decrypted all servers, brought the crucial IT services back and finally also reinstated the connection to the internet. In the end, our client emerged even stronger than before. They remain a client, and we have set up a systematic cybersecurity response and recovery plan to help prevent further attacks while increasing their protection. There’s never a dull moment as a team of incident responders.

Cybersecurity

Our Cybersecurity teams are local and global experts who help companies create an end-to-end roadmap for cybersecurity. Together, we find ways of allocating cybersecurity investments so that risk is value based to capture the benefits of a secure digital transformation. We work as a trusted partner to help ensure that security is at the core of our clients’ business strategies.

A community of solvers with sharp minds and leading technology skills, we are committed to helping our clients become resilient and security compliant, so they can work around the risks and combat cyberattacks and threats with confidence.

Concerns about personal and digital security can erode trust in institutions and technological transformation. We work with intensity and purpose, delivering sustained cybersecurity outcomes.

Do you have top IT skills? Are you fascinated by digital forensics? We’re looking for bright talent to join our Cybersecurity Team. 

Apply now!

Ready to work on projects like this?

We're always looking for smart people like you.
