Data Theft started with an Email

Our victim here is MR. M, who had checked his emails one night before going to bed, as he had always done. He downloaded an important-looking PDF file to prioritize for the next morning’s schedule. He lived his life organized and thorough. It was busy enough for him to not notice anything wrong with that pdf. Because a normal 3-page pdf file should never exceed kilobytes in size. But the size of that document was about 5 megabytes.

After waking up, to his utter disbelief, he found that all of his documents, including that PDF, were gone. His computer worked fine, there was a slight lag, that regular user wouldn’t notice. He had more pressing concerns. Still, he didn’t realize that he was a victim of data theft.

The hard drive was empty except for the installed software. He kept his passwords, bank accounts, and financial details on a password-protected tool. That was gone, too. His misfortune compounded when he saw his google drive full of personal, family photos were taken as well. The Dropbox with his official documents had nothing in it. These led him to open his email where he found out everything that happened to all his data. Before that day, he only read about these kinds of events in the newspapers and saw them on the television screens. It seemed too unreal to be true.

Of course, the email came with a threat of leaking the information, a caution for not going to the police, and a demand for money.

Mr. M’s entire career was riding on that data, not to mention his and his family’s privacy as well. He decided to give in by sending the money as asked. But he never got back all the stolen data. The perpetrator had kept the string tightened around his neck for further extortion. At that point, Mr. M hired us.

Data Theft Incident Response

Upon auditing his devices and traffic, we found out that the hacker got in through a Trojan Horse laced into that PDF file. We removed the dormant virus from the client’s device and then investigated the file, the email with which it came attached, and the place where it was originated from. After a successful back-tracing, we got into the hacker’s system and identified the server where he was keeping the stolen data. We wiped the client’s data off of that server and recovered it all.

Finally, we scanned every device client was using for viruses and disinfected them accordingly. Then, we secured the devices and network with our proprietary tools and techniques.