Financial Firm’s Data Restored After RDP Exploitation
A small financial firm engaged the At-Bay claims team immediately following a ransomware attack and started unlocking files just two days after the attack.
Hacker Uses RDP to Hold Files for Ransom
A $7M financial services firm was hit with a ransomware attack that froze critical systems, crippling their business, and blocking access to files. The underlying vulnerability was an open Remote Desktop Protocol (RDP), a port commonly used by companies to provide employees remote access to their network. The hacker used the RDP vulnerability to infiltrate and encrypt the organization’s data, and then held it for ransom in exchange for cryptocurrency. Since this client handles a large volume of sensitive payment data, the cyber attack could have resulted in significant damages alleged by customers whose data was compromised.
Negotiating a Timely Solution to Get Back to Business
Once the client notified At-Bay of the claim, At-Bay claims engaged the incident response partners within an hour and jump-started the response work that same day. The client was able to begin data restoration within two days. Throughout the restoration process, the breach coach worked with the client to analyze what data was accessed during the attack and determine whether the client would need to provide notifications and credit monitoring services to any affected individuals. Fortunately, At-Bay’s seamless cyber response efforts meant that the encrypted data was restored within three weeks, resulting in a minor business interruption loss to the client, covered by their At-Bay policy.