Thu, Mar 16, 2023

Seamless Response to Ransomware and a Cyber Resilience Upgrade

Seamless Response Ransomware Cyber Resilience Upgrade

A major logistics company was hit by a ransomware attack at a time when it was reviewing and upgrading its cybersecurity defense. Kroll provided seamless incident response to enable the company to act quickly to mitigate and minimize the damage caused by the attack. The company also deployed Kroll Responder, Kroll’s award-winning Managed Detection and Response (MDR) solution, giving it comprehensive 24/7 visibility and management of threats and enhancing its long-term cyber resilience.



  • Logistics
  • Ransomware attack affecting key systems
  • Small in-house security team
  • Lack of 24/7 threat detection and response specialists



Kroll Services
  • Kroll Digital Forensics and Incident Response
  • Kroll Responder MDR
  • Swift recovery from ransomware attack
  • 24/7 threat monitoring
  • Enhanced cyber resilience

The Challenge

The company was in the process of rolling out its EDR solution with the aim of understanding the typical volume of alerts it received around-the-clock, before deciding on further enhancements needed to its cybersecurity strategy. As part of this, the company was reviewing how its team managed alerts; while it had a 24/7 response team, it was not dedicated specifically to security operations. The company was looking for a way to cost-effectively scale up the team and its capabilities, using a specialist in threat response.

As the rollout of the EDR solution was taking place, along with the conversation of handling out-of-hours alerts, the company was hit by a ransomware attack. In response, the company appointed Kroll as its digital forensics and incident response firm.

Kroll's Solution

Kroll’s Incident Response team worked fast with the company to contain the threat, prevent further damage and investigate the events leading up to the attack. Kroll installed its managed detection and response solution, Kroll Responder, to provide 24/7 threat management. All while being cognizant of the company’s longer-term objective to maintain its security strategy.

As a result, the company was quickly able to move out of incident response mode and transition back to business-as-usual. With consensus around the success of the recovery, the company was keen to retain the 24/7 security monitoring provided by Kroll Responder and build on the other security gains made. The next stage was to create a  transition plan, with a view to moving in full to the company’s endpoint detection and response solution of choice as planned prior to the ransomware attack.

The company takes advantage of a hybrid, collaborative model with Kroll, giving it a high degree of control and visibility, while maintaining 24/7 support.

The Impact

Seamless Incident Response Support

The rapid incident response delivered by Kroll’s global network of certified security and digital forensics experts enabled the ransomware attack to be managed and mitigated effectively and quickly, allowing the company to get back up and running as soon as possible.

Comprehensive Attack Analysis & Recovery

Kroll's digital forensics experts analyzed the ransomware attack to quickly and safely uncover critical information to aid recovery. This enabled the company to gain a comprehensive understanding of the vulnerabilities that may have led to the attack, highlighting critical areas for improvement and enhancing its resilience against future attacks.

Actionable Threat Intelligence

The company benefits from the intelligence Kroll gains through responding to 3,000+ incidents every year, with insights drawn from multiple events, clients, sources and experts. Continually updated threat intelligence passed back into triage helps to inform the company’s in-house team and enhances detection capabilities.

360-Degree Threat Visibility

The company now has continual and comprehensive visibility of threats. Kroll Responder’s tech-agnostic approach allows this intelligence to fuel detection and build a more resilient, integrated organization, from Security Information and Event Management (SIEM) and EDR to vulnerability scanning and behavioral monitoring.

Maximize In-House Security Team

Kroll Responder’s 24/7 monitoring capabilities have maximized the benefits of company’s in-house security team, allowing it to focus its attention on systems that are particularly complex or difficult to manage. The company security team now benefits from Kroll’s world-class team of threat analysts, seeing frontline threat intelligence from incident response cases in real time, while alleviating the requirement of recruiting and maintaining the skillset of an in-house, out-of-hours security team.

Alongside this, the regular service reviews provided as part of the Kroll Responder MDR service enable the company to stay continually up to date with the profile and level of its risk. Kroll provides a vital checkpoint while also removing the administrative burden from the company.

Enhanced Cyber Resilience

The company gained valuable insights through Kroll’s incident response and post-incident investigation. This, combined with the ongoing monitoring and threat intelligence provided by Kroll Responder, means that the company is much better placed to defend against ransomware attacks and other cyber threats in the future, ultimately creating a stronger foundation for the company’s ongoing cybersecurity strategy.

Stay Ahead with Kroll

Kroll Responder MDR

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Computer Forensics

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.

Incident Response and Litigation Support

Incident Response and Litigation Support

Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle.

Return to top