Oil & Gas Hive Ransomware Gang Exploitation

Introduction

A leading Oil & Gas customer approached Safetech asking for support to identify the root cause of a successful ransomware attack launched by the Hive Ransomware Gang that encrypted their ESXi virtual machines.

The Challenge

The Oil & Gas sector is under attack from global cyber criminals, and our client needed in-house expertise and cyber security experience to support identification of the ransomware attack led by the Hive Ransomware Gang.

The Solution

Safetech’s team of CREST-accredited offensive security specialists conducted several tests that are representative of an attacker’s approach to finding vulnerabilities. Our team tracked their findings and then provided the client with a probability and clear risk factor score. This gave our team and the client a clear understanding of the vulnerabilities and, more importantly, how we could rectify them.


After completing all of the tests our client received a detailed report which included all details of the completed tests; outcomes, results and. The report included a list of all vulnerabilities found, details of the severity and scale of each vulnerability, how they have been exploited and, crucially, advice on how to remediate the vulnerability. The report was structured to allow it to be easily digested by the board as well as clear and actionable for the security team.

Methodology

Safetech's Level 3 cybersecurity (L3) specialists went to the client facility and collected evidence to determine the type of ransomware and attack path.


The client and Safetech personnel established the following engagement objectives:

  • Determine the initial method and timing of the intrusion.
  • Determine a timeline of events prior to the attack.
  • Determine the users that were compromised and the IP from which the attack was launched.

Services provided for our customer

Customer Challenges

  • Unknown threat landscape
  • HIVE Ransomware Gang Attack
  • Regulatory and compliance expertise requirement
  • Expertise needed for accurate and efficient penetration testing

Timescale

  • The initial penetration test lasted one week
  • Two weeks allocated for remediation of all critical and high vulnerabilities
  • One day allocated for retesting

Key Services Provided

  • Network Testing
  • Penetration Testing
  • Vulnerability Scanning

Business Outcome


This project was successful in helping our client assess their threat vulnerability and remediate issues within their defences. The project was completed on time and on budget, enabling the customer to meet its regulatory and compliance requirements and secure their threat landscape moving forwards. A suitable cadence was set for ongoing pen testing exercises and our security partnership was strengthened.
