SITUATION
After a large law firm fell victim to a ransomware attack, FTI Cybersecurity was retained to assist with recovery efforts and to help the firm determine if they should communicate with the threat actor. The firm also needed to assure their largest client they could continue to provide support without the use of compromised devices and accounts, so FTI Cybersecurity subsequently assisted the firm in creating a new entity under an LLC for their eDiscovery services. The firm had been considering this for a number of years, but this ransomware attack made the transition necessary in order for the firm to continue securely assisting their clients.
OUR ROLE
FTI Cybersecurity deployed a rapid response team onsite to facilitate the delivery of a new IT infrastructure, with the goal of establishing a standalone spin-off eDiscovery entity with its own website, cloud environment, and 40 cloud-joined computers. Our team segmented users by implementing identity and access management, improving email and Internet connectivity security.
Once the secure cloud environment was established, the FTI Cybersecurity team began to implement cybersecurity controls and policies. This consisted of immediate implementation and configuration of a new IT environment including a new domain, active directory, and cloud-based application platform. FTI Cybersecurity also assisted in hardware procurement and configuration, system imaging, application deployment, onsite support, data retention, and maintenance of backups. Our team worked to ensure compliance, while also leveraging cybersecurity best practices and implementing required controls.
OUR IMPACT
With the help of our team, and the ability to leverage a new and secure IT infrastructure, the law firm was able to continue supporting their own clients through their newly established eDiscovery entity. In addition to recovery efforts, FTI Cybersecurity has continued our partnership with the law firm to assist in developing new policies, including an IT governance and data security policy and a data retention policy framework.