Challenge

A global automotive organization was hit with ransomware by the Egregor gang. A ransom was demanded, and threat actors threatened to leak sensitive data if payment wasn’t made. More than 650 systems were impacted by the time the company managed to contain the malware infection. Attackers were still in the environment, and the client wanted to avoid giving in to their demands. They struggled to ascertain how they were breached and needed to evaluate the current state of their security controls and countermeasures.

Solution

The client reached out to CBI, and our Incident Response and Advanced Testing Services (ATS) teams were engaged. Our digital forensics experts provided strategic guidance as the step-by-step actions of the attackers were retraced, the ransomware was removed, and an in-depth forensics investigation was carried out.

Working collaboratively with the company, CBI penetration testers identified multiple pathways that facilitated privilege escalation. We were able to compromise the entire network within 24 hours, uncovering significant security gaps in remote access, patch management, password management, credential storage, vulnerability management, and SOC capabilities in the process.

Results

CBI facilitated the eradication of Egregor from the client’s environment and helped them avoid paying a ransom. We identified over 90 vulnerabilities; 48 were critical—including a remote code execution (RCE) vulnerability that could allow an attacker to run code of their choosing with system-level privileges. We provided the client with the actionable recommendations they needed to successfully address weaknesses in their security program and maintain a secure network going forward. A precise and detailed key-findings report highlighted each discovered vulnerability, the potential for exploitation it presented, and specific remediation steps.

View Case Study