Cyber crime doesn’t pay

Solution

Thankfully, the company called in Clyde & Co’s cyber team. Senior Associate Rosehana Amin picks up the story. “We were able to help them on a number of levels – a technical perspective, to assess the damage, a PR perspective, to coordinate communications, and in notifying the relevant regulators about a possible breach." 

"After a comprehensive assessment of the threat we advised against the client paying,” says Rosehana Amin.

The cyber team gathered an enviable team of experts – including a forensic investigator who had worked for 30 years for Scotland Yard, advising the British Government on terrorism issues. With the whole exercise cloaked in secrecy to pre-empt risk, the team set about, discretely, informing the regulator and scouring the client’s IT system to track down the extent of damage – and determine how credible the attacker was.

Using the nature of the information given by the cyber attacker as ‘proof’ they had hacked the system, there was some indication that it could have been an inside job. But a sensitively handled analysis of employee data privileges and their travel versus where the email had originated – from a foreign IP address – showed that it was unlikely to be a current employee.

Another line of investigation was to try to narrow down who the attacker might be. Linguistics experts looked at the wording of the text and concluded, through the syntax of the language, that the culprit was likely to be a non-native speaker and was able to narrow down the region the attacker was likely to be from. While this was ongoing a further team scoured social media and the ‘dark web’ for chatter about the information taken, it being offered for sale etc. The behaviour of the attacker was also erratic, more like someone disgruntled, or with a personal vendetta against the client, than a professional cyber attacker.

“Our multi-layered investigation was conducted in a comprehensive and transparent manner,” says Rosehana. “This allowed us to present a clear total picture to the client, with facts, reasoned arguments and advice on the likely implications of talking to the cyber attacker – or not."

Outcome

“We recommended that the ransom not be paid,” continues Rosehana. “This was since, from a technical perspective, our research showed that the cyber attacker couldn’t have accessed the information they claimed to, or had any more data than they had already divulged. Our findings also showed, in a calculated and measured way, that they were not as credible as they claimed to be. We believed it was a big bluff – and the client agreed and decided not to pay – or to engage at all with the cyber attacker.”

Just as Clyde & Co predicted, nothing happened when the deadline for payment passed. “The client didn’t pay a cent, no further communication was received from the cyber attacker and the data that was threatened to be released was not,” concludes Rosehana. “We couldn’t conclude who the attacker was or their motivations, but we did help prevent reputational and economic harm to the client, make recommendations to improve IT security – and the cyber attacker didn’t get a penny."