Cyber crime doesn’t pay

  • Case Study
  • Cyber risks

  • 2020

Ransomware victims don’t always have to pay up. Thanks to the experts gathered by Clyde & Co’s cyber team, a company in the marine sector was able to call the bluff of a disgruntled cyber attacker, preserve client confidentiality – and not pay a penny in ransom.

Problem

Nobody really likes people knowing their business, but for high profile clients the prospect of their actions becoming public knowledge can be catastrophic. And if the cause of this catastrophe were a supplier then there is every chance that any further relations between them would be dead in the water. 

That was the prospect that an international company in the marine sector faced when it received a six-figure Bitcoin ransomware demand. With high net worth international clients the prospect of their confidential information becoming public would cause embarrassment to them – and untold economic harm to the company.

Solution

Thankfully, the company called in Clyde & Co’s cyber team. Senior Associate Rosehana Amin picks up the story. “We were able to help them on a number of levels – a technical perspective, to assess the damage, a PR perspective, to coordinate communications, and in notifying the relevant regulators about a possible breach.”

It was really in our advice in how to respond to the ransomware demand that we really added value.

Rosehana Amin, Senior Associate

“After a comprehensive assessment of the threat we advised against the client paying,” says Rosehana Amin.

The cyber team gathered an enviable team of experts – including a forensic investigator who had worked for 30 years for Scotland Yard, advising the British Government on terrorism issues. With the whole exercise cloaked in secrecy to pre-empt risk, the team set about discreetly informing the regulator and scouring the client’s IT system to track down the extent of damage – and determine how credible the attacker was.

The nature of the information the cyber attacker offered as ‘proof’ that they had hacked the system gave some indication that it could have been an inside job. But a sensitively handled analysis of employees’ data privileges and travel, set against where the email had originated (a foreign IP address), showed that it was unlikely to be a current employee.

Another line of investigation was to try to narrow down who the attacker might be. Linguistics experts looked at the wording of the text and concluded, from the syntax of the language, that the culprit was likely to be a non-native speaker; they were also able to narrow down the region the attacker was likely to be from. While this was ongoing, a further team scoured social media and the ‘dark web’ for chatter about the information taken, such as it being offered for sale. The behaviour of the attacker was also erratic, more like someone disgruntled, or with a personal vendetta against the client, than a professional cyber attacker.

“Our multi-layered investigation was conducted in a comprehensive and transparent manner,” says Rosehana. “This allowed us to present a clear total picture to the client, with facts, reasoned arguments and advice on the likely implications of talking to the cyber attacker – or not.”

Outcome

“We recommended that the ransom not be paid,” continues Rosehana. “This was since, from a technical perspective, our research showed that the cyber attacker couldn’t have accessed the information they claimed to, or had any more data than they had already divulged. Our findings also showed, in a calculated and measured way, that they were not as credible as they claimed to be. We believed it was a big bluff – and the client agreed and decided not to pay – or to engage at all with the cyber attacker.”

Just as Clyde & Co predicted, nothing happened when the deadline for payment passed. “The client didn’t pay a cent, no further communication was received from the cyber attacker and the data that was threatened to be released was not,” concludes Rosehana. “We couldn’t conclude who the attacker was or their motivations, but we did help prevent reputational and economic harm to the client, make recommendations to improve IT security – and the cyber attacker didn’t get a penny.”

Key Contacts

Helen Bourne

Partner

Rosehana Amin

Partner