Case Study

Incident Response Management in a Ransomware Crisis

Headerbild: Mann mit Tablet
  • Case Study
  • 3 minute read
  • 31 May 2023

The situation: Our client was a large owner-managed logistics company with around 3,000 employees and a turnover of around 200 million euros. Clients include major names from the chemical and pharmaceutical industry, retail and mechanical engineering. At the start of 2022, a large group of hackers encrypted important company data during a ransomware attack and threatened to publish it. This not only put the company at risk, but also the reputation of our client. The incident soon also received a big response in the media.

The request: Our client needed a comprehensive solution for implementing a new security concept, including appropriate technical solutions, clear communication guidelines and comprehensive stakeholder management.  

Our approach

We immediately identified the complex and dynamic crisis situation as an emergency in the initial assessment, which would require the expertise of our entire network:

  • The PwC Crisis Management and Joint Crisis Centre helped the company under attack to mitigate the immediate aftermath of the attack.
  • Our PwC Digital Forensic Incident Response Team conducted interviews, secured and analysed data from the affected computer systems on site to evaluate the situation as extensively as possible. 
  • We also involved our Legal Team and Claims Team and addressed the legal issues as early as possible.

Together, our teams identified the root causes of the incident – including undefined processes relating to the installation of new systems, running outdated software on production hardware – and made suggestions for sustainably strengthening cybersecurity in the company. Together with PwC Czech Republic, the employees then carried out endpoint monitoring based on Tanium solutions to ensure that further threat activities are detected at an early stage.

The added value

Thanks to the rapid response to the ransomware attack and the teamwork across all fields, the affected data and systems were restored via a second data centre in Frankfurt. With the PwC teams, our client has now also gained a strong cooperation partner to support cybersecurity, which identifies security gaps and threats across teams as early as possible. Both are important steps towards ensuring the digital resilience of the logistics company, as ransomware attacks and cyber attacks in general will continue to increase in the future – especially for SMEs. Smaller companies had frequently flown under the radar of criminals until now, but are increasingly becoming attractive targets for attacks, where major damage can be caused quickly across the entire value chain with relatively little effort.

“Cyber attacks are not only a threat to operations and data, but also to the reputation of companies. Prevention and effective countermeasures are key to establishing business resilience in the face of growing threats.”

Lorenz Kuhlee, Director, PwC Germany

Do you have further questions?

Contact our experts

Follow us

Contact us

Lorenz Kuhlee

Lorenz Kuhlee

Director, PwC Germany

Jens Greiner

Jens Greiner

Director, Forensic Services, PwC Germany

Tel: +49 175 3532089