EPISODE · Feb 24, 2026 · 42 MIN
Responding to Ransomware Attack [Case Study] | Interview with Yannick Hirt
from Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance · host Dejan Kosutic
Dejan Kosutic interviews Yannick Hirt from ODCUS about his experience with a real ransomware attack on an international industrial company. They discuss likely phishing entry via a privileged IT account, overnight encryption, and setting up a war room. The company restored critical systems from verified cloud backups without paying, while briefly negotiating via a Dutch specialist as the attacker threatened data release. Key lessons include tested backups, detection and provider SLAs, privileged access controls, BIA/process mapping, strong documentation and forensics, communications, insurance coordination, and regular training.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Yannick Hirt
(00:54) - How the Attack Started: Cloud Transformation, Gaps, and a Phishing Entry Point
(04:06) - Day Zero Response: Disconnecting Systems and Standing Up the War Room
(07:54) - Early Critical Decisions: Recovery Streams, Stakeholders, Police & Insurance
(09:08) - Restore vs Rebuild: Mapping Critical Apps and Validating Backups
(11:11) - Talking to the Attackers: “Service Desk” Negotiations and Typical Ransom Size
(14:09) - To Pay or Not to Pay: Strategy, Data-Leak Risk, and Criminal “Reliability”
(16:12) - Recovery Timeline & Aftermath: Dark Web Leak, Employee Calls, and Government Response
(21:20) - Who Decides the Recovery Order? IT + Business Alignment
(23:47) - PR in the War Room: Internal Updates, Guidelines & External Liaison
(25:06) - Senior Management’s Real Job During Recovery
(27:38) - Working With Cyber Insurance: Support Now, Paperwork Later
(30:37) - Forensic Report Deep Dive: Entry Point, Lateral Movement, and Tradeoffs
(32:25) - Consultants in a Ransomware Crisis: Networks, Pragmatism, and Calm
(41:30) - Resources for Consultants and Cybersecurity Professionals