Incident Response Support:
Member-based organization


Challenge:
Resolute was engaged by a member-based organization after it became a victim of a ransomware attack. The organization’s systems, including network file servers, phone system, internal HR data and membership information were all encrypted. The organization, which includes several hundred employees who operate from offices in multiple states servicing more than 50,000 individual members were suddenly rendered completely ineffective and unable to conduct basic daily operations.

Strategy and Tactics:
Resolute engaged immediately, had an incident response professional on site within an hour of being called and conducted an immediate assessment of the situation to develop a recovery and response plan. After completing the initial assessment, it was clear the response protocols the organization believed were in place were in fact ineffective, hampering any type of timely recovery.

Resolute, in conjunction with a IT recovery specialist, immediately developed an internal response team, incorporating all of the organization’s key divisions, including IT, HR, communications, legal and membership. Working with the response team, Resolute developed a crisis communications plan to immediately inform all relevant parties of the current situation and plans moving forward. Resolute than worked with the organization to move from containment to a recovery phase, identifying a forensic response team to further aid in the process to stop, contain and control the incident to recover from the attack.

Outcome:
After several weeks of ongoing activities and implementation of the response plan by the entire team, the organization’s network and infrastructure was restored and normal operation could resume.