Facing a daunting challenge

A leading university in the US faced multiple cyber security challenges that threatened its operations and data integrity. Limited evidence was available due to encryption, complicating efforts to trace and resolve security incidents. The university also had to manage the expectations of various stakeholders while dealing with an aggressive threat actor responsible for two distributed denial-of-service (DDoS) attacks. Additionally, the absence of firewall logs and file server records for data exfiltration posed significant challenges.

Bringing in a cyber security specialist

Needing to act swiftly, the university adopted a pragmatic approach, working with all available resources. The institution brought in Quorum Cyber to manage its cyber security. Quorum Cyber was engaged to enhance system management, and areas such as Microsoft Office 365 review and triage were prioritised for rapid action. To manage expectations, daily updates and written reports were provided to stakeholders. Negotiations were used to gather evidence of data exfiltration, ensuring transparency and accountability. Notably, the university decided not to make any ransom payment.

Safeguarding the university

Despite the complexities, the university achieved several key outcomes:

  • Comprehensive Analysis: Examination of logs confirmed several security incidents, including compromised accounts, lateral movement, and the presence of a ransomware payload
  • Partial Restoration: Some devices were restored before complete data collection, showcasing progress in system recovery
  • Data Handling: The university received samples of files and downloaded leaked data, providing insights into the breach’s impact
  • Stakeholder Satisfaction: The university’s board approved the decision not to pay a ransom to the cybercriminals

The university’s proactive measures and commitment to transparency allowed it to navigate the cyber security incident while minimising financial loss. Although some data was compromised, the university’s ability to restore operations and provide detailed analyses underscored its resilience and dedication to safeguarding its students, researchers, staff, and its reputation.

Contact us if you would like to discuss any aspects of your organisation’s cyber security.
