window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-NMNT7YMYEV');

SERVICES

At Nihon Cyber Defence (NCD) we see the impact that cyber-attacks and in particular ransomware attacks can have. Whilst it has been major ransomware attacks that have dominated the headlines, the reality is that an enormous range of organisations are being impacted.

This increase in the number and sophistication of attacks has been driven by Ransomware as a Service (RaaS), that has made sophisticated cyber tools available to a growing range of criminal groups.

Dealing with a major cyber incident

For an organisation’s senior management, a ransomware attack is a major test of leadership. At NCD we believe that is important that senior managers, who are often under immense pressure, are supported through an incident. We have therefore – at the suggestion of several organisations that we have helped – are launching a cyber security advice service.

The key elements of this service are that it is:

  • Confidential
  • Cost effective
  • Provides access to world-class cyber security experts
  • For anyone in a leadership position

Purpose

The sole purpose of the NCD Advice Service is to help you recover from a Cyber Attack

Process

The way that this service works is:

  • Companies that believe that they may have become the victim of a cyber-attack, contact NCD through our online portal (please do not use an email address that may have been compromised in the attack).
  • A Non-Disclosure Agreement (NDA) is quickly put in place to ensure complete confidentiality.
  • After an initial discussion with a native Japanese speaker, a secure video conferencing call will be set up between the company’s management and world-class cyber security experts who have dealt with many hundreds of cyber security incidents. This call can be in English or with Japanese translation.
  • During the call senior managers CEO’s, CIOs, CFO’s, CISO’s or anyone else who finds themselves in a cyber incident management leadership role will have the opportunity to ask questions of these experts. These can be general questions around best and poor practice or specific technical questions.

Asking the right questions

For senior managers who do not have a technical background we will equip you with the questions to ask of your Incident Response team. They could include:

  • Technical Understanding – How did the incident happen? Has the access and attack vector been identified and closed? Is the attacker off the network or still there? Is there still a risk of further attack
  • Mitigation – What is the damage? What data has been affected or exfiltrated. How do we deal and mitigate this?
  • Attribution and Investigation – Who was behind the attack? Why was the victim targeted? Is there an option to pay? Will we negotiate to identify the data exfoliated or to delay exposure? Do we know where the exposure will be … can we disrupt this? Can we recover the encrypted data? Should you involve law enforcement?
  • Regulatory– What action is required from the data protection authorities or financial regulatory authorities?
  • Comms – What is the internal and external Comms plan? Will this be protective or reactive (pending exposure)? How will we inform affected data subjects?
  • Resilience – What is the plan to rebuild our network securely and how can we re-establish customer confidence and commercial reputation?
  • Governance – What advice and guidance should be made available to the Board during an incident? How should the Incident be managed?
  • Support – What external support do you require? As importantly, what support do we not require? How do we manage the expense of this support?
  • Engagement with the hostile actors. Should we engage? What are the risks associated with paying the ransom? How should engagement be taken forward?

Whilst this is designed to be a one-off service, many of our clients have found our experts’ advice to be invaluable and ask us to remain engaged acting as a critical friend or to provide specialist technical services through the attack.

Other services

This service is in addition to our existing incident management response consultancy framework which covers:
  • Preparation– boards awareness, incident planning and exercising 
  • Monitoring – developing the deployment of the technical solutions pre and post in a cyber incident
We also provide a highly confidential service for organisations who believe that they may have been the victims of an attack involving an insider.

Consultants

Our customers tell us that, having won the work, the major consulting companies use primarily junior staff to carry out the work. At NCD we only use consultants with many decades of experience.

Latest Ransomware News!!

Latest Ransomware News
user

Microsoft draws connections between Raspberry Robin malware and Evil Corp attacks

On Thursday 28th of July 2022, Microsoft researchers revealed that an access broker (DEV-0206) they have been tracking has been observed using the Raspberry Robin Windows worm to deploy a malware downloader on networks as well as showing signs of Evil Corp pre-ransomware deploy tactics. According to Microsoft’s threat intelligence advisory, they have found Raspberry Robin malware on the networks of hundreds

Read More »
Latest Ransomware News
user

LockBit make wrong claim about an attack on the Italian Revenue Agency

After LockBit’s claim of attacking the Italian Revenue Agency on the 25th, an investigation done by the Red Hot Cyber (RHC) open-news project has revealed that the stolen data is from another Italian organisation, GESIS Srl. The investigation discovered that the threat actor who stole the data was an affiliate and when asked if they were sure that the data

Read More »
Latest Ransomware News
user

WordFly experiences a ransomware attack, resulting in the loss of stolen data

On Sunday 10th of July 2022, WordFly, a major mailing list provider experienced a ransomware attack which resulted in the WordFly website being taken offline as well as data related to their clients being stolen. In an announcement released on Tuesday 19th of July 2022, WordFly stated that their engineering team discovered a network disruption on Sunday 10th of July

Read More »
Latest Ransomware News
user

LockBit ransomware group claim to have stolen 78 GB of files from the Italian Revenue Agency

On Monday 25th of July 2022, the LockBit ransomware group listed the Agenzia delle Entrate (Italian Revenue Agency) on their data leak site where they claimed to have stolen 78GB of data and are threatening to leak the allegedly stolen data if a ransom isn’t paid by Sunday 31st of July 2022. LockBit has claimed that the allegedly stolen data

Read More »
Latest Ransomware News
user

St. Marys, a small Canadian town hit by LockBit ransomware

On Wednesday 20th of July 2022, the Canadian town of St. Marys in Ontario experienced a ransomware attack that locked staff out of internal systems and encrypted data. The incident has been claimed by the LockBit ransomware group who posted a listing on their data leak site as well as provided some of the screenshots of the stolen files as

Read More »
Latest Ransomware News
user

Ransomware gang breaches digital security giant Entrust

On Wednesday 6th of July 2022, Entrust, a digital security giant confirmed that it experienced a cyberattack that occurred on Saturday 18th of June 2022, where threat actors breached their network and stole corporate data from internal systems. The confirmation of the incident was announced to Entrust’s customers via a security notice. The customers who could be affected by the

Read More »