Cyber Incident Victim: Cygilant
Date: Sep 2020
Location: United States of America
Summary
A cybersecurity firm specializing in threat detection experienced a ransomware attack impacting part of its technology infrastructure. The company's internal team halted the attack's progression and engaged third-party forensic experts and law enforcement to assess the incident. Evidence suggests involvement by the NetWalker ransomware group, known for data exfiltration alongside file encryption, with stolen information briefly appearing on a dark web leak site before being removed. While the group historically delists victims following ransom payments or negotiation agreements, the targeted firm did not publicly disclose whether it paid or negotiated with the attackers.
Description
Cygilant, a cybersecurity firm specializing in threat detection, experienced a ransomware attack impacting part of its technology environment on or around September 3, 2020. The company’s Cyber Defense and Response Center team intervened immediately to halt the attack’s progression. Christina Lattuca, Cygilant’s chief financial officer, publicly acknowledged the incident, emphasizing collaboration with third-party forensic investigators and law enforcement to assess the attack’s scope and implications. The company reaffirmed its commitment to network security and enhancing its security protocols. Security analyst Brett Callow of Emsisoft attributed the attack to the NetWalker ransomware-as-a-service operation, which provided infrastructure for affiliate threat actors to execute such campaigns. NetWalker’s malware not only encrypted files but also exfiltrated data to attacker-controlled servers, enabling double-extortion tactics where victims faced both operational disruption and threats of data publication.

Evidence emerged when NetWalker operators published screenshots of Cygilant’s internal directories and files on a dark web leak site, signaling potential data exposure. The listing was later removed, though Cygilant did not disclose whether it paid a ransom or engaged in negotiations. Callow noted that NetWalker had previously delisted victims temporarily during negotiations or permanently upon payment. The company’s public statements did not specify which systems or data types were compromised, the operational or financial impacts, or whether customer information was affected. Cygilant’s response remained focused on containment, forensic analysis, and reinforcing security measures without revealing further technical or procedural details about the attack vector or recovery timeline.
