Latest Stories

Stay up-to-date with everything at Approach

Publication

When ransomware hits: Inside a real Qilin attack

Publication date

26.11.2025

A Qilin ransomware attack froze an industrial company within minutes. Encrypted systems, stolen data, operations halted. Approach Cyber’s technical and legal teams moved fast, contained the threat, met GDPR duties, and restored control in under 48 hours. This case study shows how coordinated response drives rapid recovery.

A ransomware nightmare and how we restored control in 48 hours

It started like any other Friday. Then, suddenly, everything stopped.

In an instant, screens went black, servers shut down, and a message appeared: “Your data is encrypted. Pay now or lose everything.”

Meanwhile, the client, a medium-sized industrial company, was the victim of a Qilin ransomware attack. Within minutes, operations were paralysed.

Despite using a reputable endpoint detection system, attackers bypassed defences, exfiltrated sensitive data, and paralysed the network.

Panic is human. Response must be professional.

The first instinct was panic and that’s normal.
But what companies often forget is that ransomware attacks are not just technical incidents.
There are legal, reputational, and business emergencies that require coordinated expertise.

Within an hour, our Approach Cyber emergency teams activated:

Fighting on two fronts : technical and legal

While one team worked to recover data and systems, the other ensured that the company met its 72-hour legal obligations:

  • Notification to the Data Protection Authority
  • Support for communication with clients and partners
  • Documentation for potential law enforcement investigation

Furthermore, leadership received clear guidance to make tough decisions, ensuring full transparency and building internal confidence.

The result: recovery, compliance, and resilience

In less than two days, the company resumed operations.
Also, data loss was contained. Regulators were informed properly.
And the incident became a foundation for better cyber security maturity.

“We were back in business within days. Approach Cyber helped us turn a nightmare into a learning experience.”

What this case teaches every business

  • EDR is not enough — even strong defences can be bypassed.
  • Preparation matters — knowing who to call saves precious time.
  • Legal compliance is inseparable from technical response.

 

> Read how we coordinate technical and legal crisis teams on our Incident Response page.

 

True story, anonymised. The details of the journey are factual; we have protected the client’s identity for security and confidentiality.

OTHER STORIES

When hackers pretend to be the law: The fake police case

Cybercriminals exploited human trust, not systems, to trick an employee into leaking sensitive client data. This case shows how DFIR, GDPR expertise, and coordinated crisis communication contained the breach across France and Switzerland.

From Firefighting to Cyber Resilience

What begins as a cyber security nightmare ends as a transformation story. This real-life case shows how one retail organisation, with Approach Cyber’s help, turned a ransomware attack into the catalyst for lasting resilience.

Bolster your cyber defences with our two deception techniques

Discover how two of the most commonly used deception techniques can improve your security at low cost.

Contact us to learn more about our services and solutions

Our team will help you start your journey towards cyber serenity

Do you prefer to send us an email?

info@approach-cyber.com

Facebook-f Linkedin-in Youtube

Our certifications & labels

Facebook-f Linkedin-in Youtube