Ryuk Ransomware Incident Report

On Monday October 28, 2019, a local School District was hit with a ransomware attack, identified as a strand of “Ryuk”. AIS was contacted and addressed the situation quickly and efficiently, reaching out to the client to establish a timeline of events, identify impacted systems, and figuring out a general overview of the server environment.

 

A plan of action was developed,…

Case Study: Phishing Attack Creates Public Links to Private Files

Scenario
An email Phishing attack resulted in unauthorized access to the victim’s email mailbox and the creation of public-sharing links to private Microsoft OneDrive files.
Background
In early 2019, an AIS Managed SIEM Alert indicated that a Customer email mailbox was accessed from the United States and from Russia less than an hour later, triggering an Impossible Travel Alert. Minutes later, an additional…