November 16, 2021
Automotive Company Recovers From Ransomware & Strengthens Security Posture

Challenge

A global automotive organization was hit with ransomware by the Egregor gang. A ransom was demanded, and threat actors threatened to leak sensitive data if payment wasn’t made. More than 650 systems were impacted by the time the company managed to contain the malware infection. Attackers were still in the environment, and the client wanted to avoid giving in to their demands. They struggled to ascertain how they were breached and needed to evaluate the current state of their security controls and countermeasures.

Solution

The client reached out to CBI, and our Incident Response and Advanced Testing Services (ATS) teams were engaged. Our digital forensics experts provided strategic guidance as the step-by-step actions of the attackers were retraced, the ransomware was removed, and an in-depth forensics investigation was carried out.

Working collaboratively with the company, CBI penetration testers identified multiple pathways that facilitated privilege escalation. We were able to compromise the entire network within 24 hours, uncovering significant security gaps in remote access, patch management, password management, credential storage, vulnerability management, and SOC capabilities in the process.

Results

CBI facilitated the eradication of Egregor from the client’s environment and helped them avoid paying a ransom. We identified over 90 vulnerabilities; 48 were critical—including a remote code execution (RCE) vulnerability that could allow an attacker to run code of their choosing with system-level privileges. We provided the client with the actionable recommendations they needed to successfully address weaknesses in their security program and maintain a secure network going forward. A precise and detailed key-findings report highlighted each discovered vulnerability, the potential for exploitation it presented, and specific remediation steps.


About the Author
CBI, A Converge Company
CBI Cybersecurity
CBI, A Converge Company, is a leading cybersecurity advisor to many of the world’s top tier organizations. Founded in 1991, CBI provides innovative, flexible and customizable solutions that help ensure data is secure, compliant and available. We engage in an advisory-led approach to safeguard our clients against the ever-changing threat landscape—giving them comprehensive visibility into their entire security program and helping them avoid cyber challenges before they can impact their data, business and brand. We are dedicated to the relentless pursuit of mitigating risks and elevating corporate security for a multitude of industries and companies of all sizes.