Information Security award entry

Cyjax were engaged by a leading cyber insurance underwriter to assist in the mitigation of a serious attack being levied against a medical organisation. The company was being held to ransom after a cyber-crime syndicate exploited their infrastructure and infected their medical files with ransomware. With no backups the company was looking at a total loss of all digital information, its operational capacity and a serious fine under the HIPAA compliance framework. Further, it faced 24 months of mandatory credit profile monitoring for all affected clients and a public press release that would cause brand damage and encourage lawsuits.
A ransom payment had already been attempted, but to no avail.
The Cyjax Live Intelligence team, a team of highly skilled analysts and technical intelligence experts, used their darknet technology to quickly identify the source of the attack and the actors that needed to be engaged if there was to be any chance of a successful recovery.
Whilst this was a time critical and extremely sensitive case for all involved, it was important to secure the evidence needed should our attempts be unsuccessful in mitigating the attack or in the event of legal/compliance scrutiny.
Using one of the personas we maintain for darknet engagements, we made contact and proceeded to negotiate.
As part of our negotiations over price, we asked a series of seemingly innocuous questions aimed at generating responses that could be used as evidence should the case end up in court, but also to help the medical organisation at the center of the attack understand what had been breached, how, and why. Ultimately our approach was successful; not only did we negotiate the price down to half of what was originally asked, we also got them to document their methods in writing, explaining what they did, how they did it, and why. This helped the medical organisation to assess the likelihood of customer data access and personal information theft, and also to inform their ongoing recovery strategy by helping them focus their resources on the facts, rather than waiting for the results of a lengthy and expensive forensic investigation that was initiated by their incident responder once they realised they were unable to restore the systems.
Ultimately, we secured the release of the encryption keys from the attackers, and enabled a complete restoration of all data.
The medical organisation’s legal representatives were satisfied that their client had not broken any laws or contrived to cover up a serious breach of the HIPAA compliance framework. The expensive incident response and subsequent forensic process could end, and no further losses would be incurred by the insurance underwriters or the medical organisation that was attacked.
It was later determined by the underwriter that our actions in this case saved a claim that would have resulted in a payout of $3.5m.

A saving of $3.5m – this was the insurance policy value should a disaster such as the one described above ever happen. Fortunately we were able to aid a complete restoration of their services.

We use psychology in our approach to engage actors on a more personal level and have them open up and reveal far more intelligence about themselves and the look and shape of the organisations that support them.

Do not attempt to engage ransomware actors yourself. They will take advantage of anything they can.

The currencies they deal in are untraceable, and they often run with the money.

Never give them any of your files for so-called ‘testing’ or ‘proof’ – you are just giving away personal or sensitive data.

If you do engage them, negotiate, hard! Even if it is time critical. If you do not, you are likely to be seen as an easy target and will be scammed.

The most important advice we have for you if you have been the victim of a ransomware attack is: They have not taken any of your files, they have absolutely no interest in looking inside any of your systems, and they certainly are not still present on your network after a successful attack, so keep that in mind and do not waste any time investigating to the contrary – this is not how ransomware works, and never will be. They want you to give them your money with absolutely zero risk of exposing their identities or real locations, as quickly as possible, and will say anything to achieve this.

2017 Submission: Heading