Black Basta Ransomware

The Black Basta ransomware group targeted a legal firm with 200 employees. The actors behind the attack encrypted critical and sensitive data and demanded a ransom of USD 1 million. They also alleged data exfiltration, a double-extortion tactic.

Total data recovery and de-corruption: 2 weeks

Reduction in ransom demand: 99%

Total cost of services: USD 32,000

Forensic investigation: proved false allegation of data exfiltration

The Challenge

The Black Basta Ransomware attack was executed with surgical precision. Once inside, the threat actors set their sights on the company’s repository of critical and sensitive data, consisting of case files, internal correspondence, and client information. 

The ransomware encrypted this data, rendering it inaccessible to the firm. The attackers then sent a ransom message, claiming to have exfiltrated the data and demanding a ransom of USD 1 million in return for the decryption key and a promise not to leak the stolen data.

Black Basta Ransomware Attack Costs

Beyond the ransom and the cost of the recovery service, ransomware attacks also cause reputational damage to their victims.

In terms of operations, the firm suffered a two-week disruption. During this period, access to critical and sensitive data was severely limited, hindering case proceedings and delaying important legal services.

From a reputational standpoint, the ransomware attack posed a severe threat. Despite the false claims of data exfiltration by the attackers, such incidents could lead to a loss of client trust. Clients entrust legal firms with sensitive information and expect them to have robust security measures in place to protect this data.

The ransomware attack experienced by the legal firm serves as a reminder of the potential risks posed by cybercriminals. It also highlights the importance of having comprehensive cybersecurity measures and incident response planning to counter evolving threats. 

Despite the financial, operational, and reputational implications of such incidents, swift action combined with technical expertise can help organizations limit damages and recover quickly.

Proven Data's Incident Response Process

The entire process, from the identification of the threat to complete recovery, took a total of 2 weeks, demonstrating a swift and efficient response to the ransomware attack.

The first step in the recovery process was identifying the type of ransomware that had infiltrated the system. In this case, it was the Black Basta Ransomware.

Next, the infected systems were isolated to prevent the ransomware from spreading to other parts of the network.

A comprehensive forensic investigation was conducted to ascertain the extent of the damage. Proven Data’s forensic investigation found the allegations of data exfiltration to be false.

While technical recovery efforts were ongoing, a parallel process of negotiating with the attackers was initiated. This successfully reduced the ransom demand from USD 1 million to USD 10,000.

Our team was able to exploit a weakness in the ransomware’s encryption to recover most of the encrypted data.

The decrypted data required a process of de-corruption to salvage as much information as possible.

The Results

What made Proven Data successful here?

In-house Technical Expertise
Compliance
Forensic Investigation
Transparency
Threat Intelligence
Continuous Learning and Adaptation
Up-to-date and Innovative
Certified Ethical Hacker
