Dejan Kosutic interviews Yannick Hirt from ODCUS about his experience with a real ransomware attack on an international industrial company. They discuss likely phishing entry via a privileged IT account, overnight encryption, and setting up a war room. The company restored critical systems from verified cloud backups without paying, while briefly negotiating via a Dutch specialist as the attacker threatened data release. Key lessons include tested backups, detection and provider SLAs, privileged access controls, BIA/process mapping, strong documentation and forensics, communications, insurance coordination, and regular training.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining
- (00:00) - Interview with Yannick Hirt
- (00:54) - How the Attack Started: Cloud Transformation, Gaps, and a Phishing Entry Point
- (04:06) - Day Zero Response: Disconnecting Systems and Standing Up the War Room
- (07:54) - Early Critical Decisions: Recovery Streams, Stakeholders, Police & Insurance
- (09:08) - Restore vs Rebuild: Mapping Critical Apps and Validating Backups
- (11:11) - Talking to the Attackers: “Service Desk” Negotiations and Typical Ransom Size
- (14:09) - To Pay or Not to Pay: Strategy, Data-Leak Risk, and Criminal “Reliability”
- (16:12) - Recovery Timeline & Aftermath: Dark Web Leak, Employee Calls, and Government Response
- (21:20) - Who Decides the Recovery Order? IT + Business Alignment
- (23:47) - PR in the War Room: Internal Updates, Guidelines & External Liaison
- (25:06) - Senior Management’s Real Job During Recovery
- (27:38) - Working With Cyber Insurance: Support Now, Paperwork Later
- (30:37) - Forensic Report Deep Dive: Entry Point, Lateral Movement, and Tradeoffs
- (32:25) - Consultants in a Ransomware Crisis: Networks, Pragmatism, and Calm
- (41:30) - Resources for Consultants and Cybersecurity Professionals
