1.
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK TO ANY ORGANIZATION:
RECENT EXPERIENCE SHOWS THE DANGER OF YIELDING TO RANSOMWARE THREATS
Where is the new risk to organizations everywhere? In their data! All data – enterprise data in operational
networks, communications systems, supervisory control and data acquisition systems (SCADA), industrial
control systems (ICS) and financial systems – are increasingly assaulted by cyber attacks in many forms.
“Data as Organizational Risk” is the new normal. Security environments are under threats of illegal
breaches and data exfiltration attacks that are planned and executed by an array of cyber criminals – lone
hackers, hacktivists, criminal organizations and nation states. Even worse, these criminals meticulously
strategize, research and plan their attacks, They frequently attach themselves unnoticed inside company
firewalls, often sitting “silently” for weeks or months. As they wait, they are slowly mapping networks and
acquiring higher access credentials that will enable them to move quickly, quietly and laterally inside
systems to launch their attacks.
In many instances, cyber criminals use the “silent” periods of compromise to achieve full awareness of an
organization’s defenses, controls and weaknesses before launching their attacks. In many cases, by the
time the company has discovered a breach, or law enforcement has notified them that they are being
breached, it’s too late.
Unfortunately, the modern threat environment specifically related to cyber crime has no borders, no check
points and no guards standing at their posts protecting against such threats. In the end, cyber criminals
can spot targets, evaluate the risk of attacking them and eventually sell the information they have stolen.
A RECENT BREACH DEMONSTRATES THE NEED FOR EFFECTIVE RANSOMWARE RESPONSE
A recent ransomware attack illustrates both the cunning and treachery of today’s cyber attackers, as well
as the importance of being prepared to respond to an attack proactively. Although Navigant teams were
ultimately brought in to remediate the attack, the victim’s initial response demonstrated the dangers of
underestimating the risk that attackers pose.
In this infiltration, the attackers’ method was to exploit a faulty system patch and outdated infrastructure.
This exploitation led to the criminals’ discovery of further system vulnerabilities that allowed them to
perform a ransomware attack. The attack penetrated the target organization’s entire system, seizing and
encrypting more than 600 hard drives and related infrastructure – resulting in the loss of more than two
terabytes of data.
The victim organization initially began paying ransoms for decryption keys to release hard drives back into
”live” state, instead of calling upon private companies or law enforcement agencies for help. This early
response by the organization resulted in only two servers being released by the attackers, before the
ransoms were increased on the remaining data. This technique – in which ransom payments merely lead
to escalated demands – is a trend we are seeing with increasing frequency with clients we assist across
the United States, and also within our U.K. offices. Statistics gathered from international software security

2.
groups confirm this alarming ransomware trend:
Source: Kaspersky Security Bulletin 2015
When the ransom payments ended up only exacerbating the problem, the organization enlisted
Navigant’s Information Security team to help. Within eight hours of arriving on site, our team of forensics,
incident response, and cyber professionals was able to ascertain the location from which the data had
been exfiltrated, and identified the type of ransomware that had been deployed against the client’s
infrastructure.
After containing and remediating the attack, Navigant developed a comprehensive solution with
actionable recommendations and strategies for upgrading the organization’s hardware and software
system infrastructure to reduce the risks of future attacks.
ADDRESSING RISKS AND TAKING ACTION: KNOWING THE RISK AND GETTING AHEAD OF IT
With cyber criminals now mastering many sophisticated and ever-evolving techniques, business
leaders are discovering that hopeful attitudes and denial about the potential severity of data breaches
are especially dangerous. Leading organizations are paying increased attention to threats of cyber
attacks, and they are recognizing that now is the time to proactively address their information security
systems and cyber attack protocols.
Current cyber risks require companies to proactively monitor risks while holistically mapping that
intelligence to the specific infrastructure and risk profiles unique to their organization. Navigant’s
experienced teams of cyber professionals not only remediate the attacks – they put preventive
measures in place to spare companies catastrophic financial and enterprise data loss.

3.
Cyber Marketing Blast – Other Comments
FOR MARKETING TEAM USE TO ALTER VISUAL AND PROVIDE CITATION:
Number of users attacked by Trojan-Ransom encryptor malware (2012 – 2015)
2012 36232
2013 15363
2014 120840
2015 179209
Kaspersky Security Bulletin 2015
https://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-security-bulletin-2015-
overall-statistics-for-2015/
Page 1