2. Classification: Confidential Contains PII: No
5th June
Invoice Portal Outage
09 00
Enquiring Mail
5th June
09 45
Update from XYZ's IT operation team
XYZ Invoice Portal has been down for 1 hour and is not accessible to employees.
IT operations report that the support systems seem to be overloaded, but they are investigating.
Dear Sir,
I am unable to access the invoice portal. We need to raise an invoice urgently for a customer.
Please look into the matter.
Regards,
XYZ employee3
To: Finance Manager, XYZ Ltd.
XYZemployee3@XYZ.co.in
Private and Confidential – For your urgent attention
A finance employee starts enquiring about XYZ’s invoice portal and they are not able to send the invoices.
3. Classification: Confidential Contains PII: No
13 00
5th June
Ransom demand
22 00
Anonymous
You Have Been Hacked!
You don’t know us but we most certainly know you and I trust now we have your attention. We have access into your system and data.
While you were distracted by the DDoS, we have got hold of the Sensitive data from databases.
We demand payment of $500,000 to be paid in bitcoins within 48 hours else we will expose XYZ’s Project XYZ data.
If you refuse to meet our condition, we will show no mercy.
THE CLOCK IS TICKING !!!!!!!!!!
WE ARE ANONYMOUS, WE DO NOT FORGET, WE DO NOT FORGIVE
WE OWN YOU
To: CEO, XYZ Ltd.
5th June
Invoice Portal outage update DDoS attack
XYZ Office
Invoice Portal outage update: A new worm is released. When the worm infects a host, it installs a Distributed Denial of Service (DDoS) agent, leading to a DDoS attack.
XYZ has already incurred widespread infections before antivirus signatures could become available.
A threatening email is received by the CEO from an Anonymous sender with the subject “You Have Been Hacked”.
4. Classification: Confidential Contains PII: No
6th June
Forensic
Anonymous
You Have Been Hacked!
You don’t know us but we most certainly know you and I trust now we have your attention. We have access into your system and data.
While you were distracted by the DDoS, we have got hold of the Sensitive data from databases.
We demand payment of $500,000 to be paid in bitcoins within 36 hours else we will expose XYZ’s Project XYZ data.
If you refuse to meet our condition, we will show no mercy.
THE CLOCK IS TICKING !!!!!!!!!!
WE ARE ANONYMOUS, WE DO NOT FORGET, WE DO NOT FORGIVE
WE OWN YOU
To: CFO, XYZ Ltd.
10 00
Unavailability of service
6th June
12 00
Hello,
Apologies, but I have to use my Gmail as none of us in the Finance team can access our computers this morning.
See the attached picture of the screen we are getting when we are trying to log in. I am not sure if this is a joke. I have contacted Helpdesk anyway.
If there is anything we need to know, please let us know.
Regards,
XYZemployee2
To: IT Infra Head, XYZ Ltd.
XYZemployee2@XYZ.co.in
Private and Confidential – For your urgent attention
The CFO receives the same e-mail from the Anonymous source
The deadline to respond passes
A locked screen appears on 15 of the Finance team's workstations
One of the users has taken a screenshot and sent it to the IT head
5. Classification: Confidential Contains PII: No
7th June
Customer enquiring about data leak
22 30
Abhishek Pandey
Enquiry about data leak
Hi,
We’re coming across various tweets by Anonymous claiming that they’re in possession of highly confidential data. Could you confirm if this is true? If yes, is our content leaked as well, and to what extent? Can you tell us to what extent the breach has happened and what measures you are taking to limit and take down leaked content?
Regards,
Abhishek
To: Customer.Care@XYZ.co.in
7th June
Ransom Demand
22 05
Hackers release a video on several social media platforms
Customers reach out to enquire about the hack, and to check if their data is also impacted
6. Classification: Confidential Contains PII: No
7th June
Media Coverage
Trust conf and rebuilding Infra
22 45
The news is picked up by many online forums and is going viral.
< < XYZ . HACKED !!! < <
8. Classification: Confidential Contains PII: No
Team A: Showing reality, internal problems, blame game, shortfalls, legal issues
Team B: Execute and come out of crisis, bringing back BAU
9. Classification: Confidential Contains PII: No
Team-A – What went wrong points
1. No focus to bring the business back to normal
2. No ownership
3. Approval was delayed
4. Ransom to be paid – No business ethics
5. Communication was delayed
10. Classification: Confidential Contains PII: No
Team-B – What went right
1. Top Management was supportive
2. Approval was provided
3. Root cause understood and corrective action taken
4. Provided the confidence and communicated
11. Classification: Confidential Contains PII: No
Cyber Crisis War Game Exercise
Key Takeaways And Roadmap
1. High Pressure on CISO from all directions.
2. CISO needs to take rest.
3. Everyone needs to focus only on recovery and business normalcy.
4. CISO should not be disturbed by critics.
5. Be brutally honest and communicate it to everyone.
6. Focus on compliance and regulations.
7. Support the auditors/partners/vendors and forensics.
8. Proactive IRR
12. Classification: Confidential Contains PII: No
Key Takeaways
You will never have enough time!
Even top executives with years of experience in managing crisis aren't always prepared to handle cyber incidents.
Not an IT Issue Only
Cyber security is a business issue affecting the survival and reputation of the company.
Don’t forget your employees
While everyone is firefighting with external agencies, organizations often forget to communicate about the cyber-attack situation to their own employees.
Mock Drill - Not just a one-time activity
People come and go, strategies change, but in the end practice makes perfect.