Case Studies
Real Incidents. Real Recoveries.
Every case is different. The outcome doesn't have to be. Browse anonymized engagements from businesses across the region.
How a Regional Law Firm Recovered 4,200 Files in 36 Hours Without Paying Ransom
Saturday, 9:47 AM. A senior partner's assistant reached us through WhatsApp. 'I don't know how to say this, but we got ransomware. The desktop is locked. The server is locked. Everything is locked.' This is usually how it starts. Not on a weekday morning when everyone's alert. On a weekend. On a holiday. When the person who knows where the backups are is unreachable.
They Paid the Ransom. Then They Wished They Hadn't
We didn't get the first call. The firm called us after. By Wednesday morning, 1,800 files were encrypted. Without a dedicated IT security team, the managing partner felt cornered. They decided to pay — USD 12,500. Then the decryptor crashed on their server. Twice.
An Accounting Practice Had 200+ Client Files Encrypted During Tax Season
Accountants don't get the luxury of 'we'll deal with this next week.' Tax season has hard deadlines. Miss them and your clients face penalties — penalties your firm is contractually responsible for. 217 files, 3 clients with April 2nd deadlines, 94% recovered in 48 hours.
A Clinic's Patient Records Were Locked. They Couldn't See New Patients
A dental clinic in Asia. Three practitioners, roughly 200 active patient records, digital imaging files going back years.Monday, 7:02 AM — the clinic manager arrived to find the appointment system locked, patient records inaccessible, and the imaging software showing errors on every file.No patients could be seen that morning.
Freight Forwarder's Containers Were on a Ship When the Ransom Note Arrived
Most ransomware cases we handle, the damage is contained. This one was different. 23 containers on a ship, three vessels docking within the week, and a platform that managed everything — tracking, customs, port communication — went dark. 6-day forensic recovery.
48 Hours to Save a Shipment: Ransomware Recovery Under Deadline
You don't own the ships. You don't own the containers. You don't even own the space on the vessel. You have a booking — a slot, confirmed, paid for — that disappears if you don't deliver the cargo on time. This firm had 48 hours before a vessel sailed. Estimated exposure: USD 300,000.
An Insurance Company Upgraded Their Firewall. Then Someone Else Got In
The IT director arrived at 7 AM Friday to find his phone full of messages. 'We can't access the policy system.' 'The client portal is down.' 'Can you check the claims database?' Every file server encrypted. They'd upgraded the firewall the day before.