Case Study: Nexigen’s Response to a Phishing Attack 

Case Study: Nexigen’s Response to a Phishing Attack : Reading time: 12 mins

Company: Nexigen 

Client: Confidential 

Industry: IT Security and Cybersecurity 

Introduction 

The client, a medium-sized organization, had been targeted by a phishing attack that resulted in a security incident. The attack was initiated through an email that contained malicious code, which was accidentally executed by a user. The code then spread through the network and used a crypto-like feature to encrypt the computers on the network, demanding a ransom payment for decryption. 

Nexigen was contacted by the client to respond to the incident and remediate the problem. Not only did Nexigen perform the incident response, but they also successfully performed the recovery of the systems, an aspect that sets them apart from other companies who are not capable of both. The company mobilized its advanced cyber security tools, IT operational resources, and incident response team to cleanse and restore the environment. Nexigen was successful in mitigating the attack, and an incident report was created and handed to the client. The incident report was validated by the FBI, who approached the customer with findings that matched Nexigen’s exactly. 

The objective of this case study is to highlight Nexigen’s expertise, prompt response, and effective remediation of the phishing attack, which resulted in the restoration of the client’s environment and the prevention of future attacks. 

Upon receiving the call from the client, Nexigen immediately deployed its incident response team to assess the situation. The team conducted an initial assessment of the network and confirmed that the attack had spread across the network, infecting multiple computers and encrypting sensitive data. The team then took steps to contain the attack, isolating infected computers and preventing the spread of the malicious code. 

Nexigen deployed its advanced cybersecurity tools, including endpoint detection and response, to identify and remove the malicious code. The tools were able to detect and isolate the infected computers. After forensic evidence was collected for offline evaluation, the recovery team jumped into action to start the process of recovery and use the information gathered by the IR team to determine the extent of the systems that needed to be recovered. The IR team provided the RPO needed to restore data without re-infecting systems. 

Nexigen’s IT operational resources were deployed to clean up the environment and restore the encrypted data. The team used specialized software to remove the malicious code and restore the encrypted data, ensuring the client’s environment was back to its pre-attack state. 

Nexigen created an incident report detailing the steps taken to mitigate the attack and restore the environment. The report included an analysis of the attack, including the methods used and the extent of the damage. The report was handed over to the client, who validated its accuracy with the FBI. 

Nexigen’s prompt and effective response to the phishing attack prevented the client from suffering further damage. The attack was contained and the environment was restored to its pre-attack state. The incident report created by Nexigen was validated by the FBI, which demonstrated the company’s expertise and the accuracy of its findings. The report produced by Nexigen assisted the client in prioritizing the remediation work by addressing the highest risk items first and putting faster manual work-a-rounds in place to help reduce risks before more permanent solutions could be implemented. 

Nexigen’s response to the phishing attack demonstrated its expertise in incident response and remediation. The company’s prompt response, deployment of advanced cybersecurity tools, and effective remediation resulted in the successful mitigation.