Looking for software development? We've movedGrassFed.dev

Ransomware Exposure Mapping

A focused forensic review organized confirmed sensitive-data exposure so the company and its counsel could plan next steps.

Ransomware Exposure Mapping

Industries

Industrial Equipment

Services

Digital Forensics

About the project

A ransomware incident resulted in a large public data leak involving an industrial equipment company. The released files included payroll, accounting, email, benefits, claims, scanned records, and financial material. Reviewing every file manually was not feasible, while reporting and legal questions called for reliable findings.

The company and its counsel needed an evidence-based summary of confirmed exposure categories, along with an organized list of the people and businesses identified during the review. The goal was to support response planning without treating the released archive as a complete inventory of everything that may have been taken.

What we did

  • We limited the review to data that had been publicly released and tied each finding to material that could be confirmed. This boundary separated known exposure from the still-uncertain scope of the broader incident, keeping the assessment useful without suggesting that the public archive represented all data that may have been taken.
  • We combined targeted manual inspection with automated parsing and scripting to examine a large, varied dataset. The work covered employee and payroll files, accounting backup stores, direct-deposit records, benefits and claims spreadsheets, email archives, scanned images, and related financial documents, with the review centered on high-impact personal and banking information.
  • We organized confirmed findings into practical exposure categories, including identity and tax records, medical and workers’ compensation information, employee banking details, and banking data tied to outside businesses. Near-duplicate records were retained conservatively to reduce the risk of omitting affected parties from later outreach or notification planning.
  • We created a structured record of the people and businesses identified during the review and added available contact information where it could support outreach. The final summary also documented smaller sets of credential and payment-card findings, explained the assessment’s limits, and gave the company and its counsel a clearer basis for reporting and response planning.

Technologies Used

Autopsy

Autopsy

Powershell

Powershell

Microsoft 365 logo

Microsoft 365

Browse more projects

Connected Vessel Risk Review

Connected Vessel Risk Review

Account-to-Server Takeover Test

Account-to-Server Takeover Test

Contact Us