When your data is breached, that’s a huge problem. When that data includes your clients and associates and their legal and financial information, you need the problem solved immediately.
A regional law firm was hacked and had its email compromised and taken over by cybercriminals. The hackers sent out numerous emails to the firm’s clients, associates, and members of the judicial system requesting financial and fiduciary rights regarding settlements, judgements, and plea agreements.
LaScala was contacted to remediate the situation and to recover all operational control of the email system and to put safeguards in place to prevent the bad actors from continued access.
Our engineers uncovered outdated applications within the law firm’s infrastructure that have been linked to security breaches, providing a “back door” for the bad guys.
LaScala's Solution
The LaScala team took the following steps to achieve remediation at the regional law firm:
- Initial Assessment
  - Identify Symptoms: Gathered information on how the intrusion was detected, including any unusual behavior such as system slowdowns, unexpected pop-ups, or data loss.
  - Assess Impact: Determined which systems, networks, and data might be affected by the intrusion.
- Containment
  - Isolate Infected Systems: Disconnected affected devices from the network to prevent the spread of any malware.
  - Back Up Data: Ensured that critical data was backed up, especially where it had not already been compromised.
- Investigation
  - Analyze the Intrusion/Malware: Identified what type of intrusion/malware was present (e.g., virus, ransomware, spyware) and how it entered the system (e.g., phishing email, malicious download).
  - Check Logs: Reviewed security logs and event logs to find signs of compromise and understand the attack vector.
- Eradication
  - Deploy Antivirus/Antimalware Tools: Ran a complete scan using updated antivirus tools to remove the malware.
  - Manual Removal: In some cases, manual removal of malware components was necessary. This involved clearing temporary files, restoring systems, and modifying the registry.
  - Patch Vulnerabilities: Ensured that all systems and software were updated to close security holes that might have been exploited.
- Recovery
  - Restore Systems: Rebuilt and restored systems from clean backups.
  - Monitor Systems: After recovery, closely monitored systems for any signs of residual malware or new attacks.
- Post-Incident Analysis
  - Document Findings: Created a report detailing the malware infection, how it was addressed, and recommendations for future prevention.
  - Strengthen Security Posture: Implemented strategies such as regular updates, proper multi-level backup and recovery, user training on phishing, and other enhanced security solutions.
- Follow-Up
  - Perform Regular Audits: Scheduled regular security assessments to ensure that the systems remain secure.
  - Incident Response Plan: Developed an incident response plan for future incidents.
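The "Check Logs" step above is where an email takeover like this one usually shows itself: sign-ins from addresses the mailbox owner never uses, newly created inbox rules that forward or hide mail, and a burst of outbound messages to clients and counterparties. The following script is an added example written for this page, not LaScala's tooling or anything from the engagement; it runs three such checks over a small mailbox audit log. The JSON-lines format, the field names, the firm domain `example-lawfirm.test`, and every address and timestamp in the sample are assumptions constructed for the example.

```python
"""Triage helper for the 'Check Logs' step of an email-compromise response.

Added example (not LaScala's tooling). It scans a constructed mailbox audit
log in JSON-lines form for three common signs of an account takeover:
  1. sign-ins for one mailbox from more source addresses than expected,
  2. inbox rules that forward mail outside the firm or hide incoming replies,
  3. a burst of outbound mail from one mailbox to external recipients.
The log format, field names and firm domain are assumptions made for this example.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

FIRM_DOMAIN = "example-lawfirm.test"  # assumed domain of the affected firm

# Constructed sample log: not an export from any real mail product.
SAMPLE_LOG = """
{"ts": "2024-05-01T08:02:11Z", "event": "Login", "user": "partner@example-lawfirm.test", "ip": "203.0.113.10"}
{"ts": "2024-05-01T08:40:52Z", "event": "Login", "user": "partner@example-lawfirm.test", "ip": "198.51.100.77"}
{"ts": "2024-05-01T08:41:30Z", "event": "NewInboxRule", "user": "partner@example-lawfirm.test", "rule": {"name": ".", "forward_to": "attacker@mail.invalid", "delete": true}}
{"ts": "2024-05-01T08:45:00Z", "event": "SendMessage", "user": "partner@example-lawfirm.test", "to": ["client1@clientco.test", "client2@clientco.test"]}
{"ts": "2024-05-01T08:45:30Z", "event": "SendMessage", "user": "partner@example-lawfirm.test", "to": ["clerk@court.test"]}
{"ts": "2024-05-01T08:46:10Z", "event": "SendMessage", "user": "partner@example-lawfirm.test", "to": ["client3@clientco.test"]}
{"ts": "2024-05-01T09:10:00Z", "event": "Login", "user": "paralegal@example-lawfirm.test", "ip": "203.0.113.10"}
{"ts": "2024-05-01T09:12:00Z", "event": "SendMessage", "user": "paralegal@example-lawfirm.test", "to": ["associate@example-lawfirm.test"]}
"""


def parse_log(text):
    """Parse JSON-lines text into event dicts, converting 'ts' to a datetime."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def is_external(address):
    """True when the address does not belong to the firm's own domain."""
    return not address.lower().endswith("@" + FIRM_DOMAIN)


def find_suspicious_rules(events):
    """Flag inbox rules that forward externally, delete mail, or have a throwaway name."""
    findings = []
    for ev in events:
        if ev["event"] != "NewInboxRule":
            continue
        rule = ev["rule"]
        reasons = []
        fwd = rule.get("forward_to")
        if fwd and is_external(fwd):
            reasons.append(f"forwards to external address {fwd}")
        if rule.get("delete"):
            reasons.append("deletes matching messages")
        if len(rule.get("name", "")) <= 1:
            reasons.append("rule name is a single character or empty")
        if reasons:
            findings.append({"type": "inbox_rule", "user": ev["user"],
                             "ts": ev["ts"], "reasons": reasons})
    return findings


def find_multi_ip_logins(events, max_ips=1):
    """Flag mailboxes that signed in from more than max_ips distinct addresses."""
    ips = defaultdict(set)
    for ev in events:
        if ev["event"] == "Login":
            ips[ev["user"]].add(ev["ip"])
    return [{"type": "multi_ip_login", "user": u, "ips": sorted(s)}
            for u, s in ips.items() if len(s) > max_ips]


def find_send_bursts(events, window=timedelta(minutes=5), min_external=3):
    """Flag a mailbox that reaches >= min_external distinct external recipients within one window."""
    sends = defaultdict(list)
    for ev in events:
        if ev["event"] == "SendMessage":
            for rcpt in ev["to"]:
                if is_external(rcpt):
                    sends[ev["user"]].append((ev["ts"], rcpt))
    findings = []
    for user, items in sends.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            in_window = {r for t, r in items[i:] if t - start <= window}
            if len(in_window) >= min_external:
                findings.append({"type": "send_burst", "user": user,
                                 "start": start, "recipients": sorted(in_window)})
                break  # one finding per mailbox is enough for triage
    return findings


def triage(text):
    """Run all three checks over a log and return the combined findings."""
    events = parse_log(text)
    return (find_suspicious_rules(events)
            + find_multi_ip_logins(events)
            + find_send_bursts(events))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the constructed sample, all three checks point at the same mailbox: a second sign-in from an unfamiliar address, immediately followed by a forward-and-delete rule named ".", and then a burst of mail to clients and a court clerk. The paralegal account, with one source address and only internal mail, is not flagged. The thresholds (`max_ips`, `window`, `min_external`) are starting points; tune them to what is normal for the mailboxes being reviewed.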
Co-Managed Security Services
When your company’s security and reputation are at risk, you need an experienced and dedicated cybersecurity team. The law firm now uses, and continues to rely on, LaScala Co-Managed Security Services to build out the layered security fabric necessary to help protect it from future cyber-attacks.
Contact LaScala about our Co-Managed Security Services today for more information on how we can help protect your company from unauthorized, malicious access to its critical data, which can have an adverse effect on your revenue and reputation.
LaScala’s Co-Managed Security Services are a 24/7/365 solution designed to address these escalating challenges. Connect with our team today.