31/01/2022
During a ransomware incident, CSIRT Synacktiv noticed that the bitlocker mechanism was used to encrypt company and user files. This blogpost does not intend to retrace the whole incident response process. The idea is to illustrate how we managed (or not) to recover encryption keys and save a few workstations from their terrible fate. The incident took place few months ago.