CERT incident response for a pharmaceutical laboratory
Confidential
Context & objectives
CERT on-call triggered after a cybercriminal group disclosed the victim's data. Response within 12 hours: information system (IS) containment, forensic investigation and attack-chain identification, IS hardening, post-incident Active Directory and network configuration audit, lessons-learned review (details confidential).
Outcomes
IS hardened, CNIL notifications submitted and stakeholder communications coordinated.