Thankfully, the company called in Clyde & Co’s cyber team. Senior Associate Rosehana Amin picks up the story. “We were able to help them on a number of levels – a technical perspective, to assess the damage, a PR perspective, to coordinate communications, and in notifying the relevant regulators about a possible breach."
It was really in our advice in how to respond to the ransomware demand that we really added value.
Rosehana Amin, Senior Associate
"After a comprehensive assessment of the threat we advised against the client paying,” says Rosehana Amin.
The cyber team gathered an enviable team of experts – including a forensic investigator who had worked for 30 years for Scotland Yard, advising the British Government on terrorism issues. With the whole exercise cloaked in secrecy to pre-empt risk, the team set about, discretely, informing the regulator and scouring the client’s IT system to track down the extent of damage – and determine how credible the attacker was.
Using the nature of the information given by the cyber attacker as ‘proof’ they had hacked the system, there was some indication that it could have been an inside job. But a sensitively handled analysis of employee data privileges and their travel versus where the email had originated – from a foreign IP address – showed that it was unlikely to be a current employee.
Another line of investigation was to try to narrow down who the attacker might be. Linguistics experts looked at the wording of the text and concluded, through the syntax of the language, that the culprit was likely to be a non-native speaker and was able to narrow down the region the attacker was likely to be from. While this was ongoing a further team scoured social media and the ‘dark web’ for chatter about the information taken, it being offered for sale etc. The behaviour of the attacker was also erratic, more like someone disgruntled, or with a personal vendetta against the client, than a professional cyber attacker.
“Our multi-layered investigation was conducted in a comprehensive and transparent manner,” says Rosehana. “This allowed us to present a clear total picture to the client, with facts, reasoned arguments and advice on the likely implications of talking to the cyber attacker – or not."