Ransomware in a regional hospital group
How BKK contained an active double-extortion ransomware incident across three facilities and restored core services without paying ransom.
- Deployed containment playbook across disconnected clinical systems.
- Isolated affected network segments while preserving treatment continuity.
- Performed forensics to support negotiations and insurance processes.
Business email compromise in cross-border logistics
Attackers silently monitored mailboxes for months. BKK reconstructed the full timeline, closed the gaps and supported legal and regulatory response.
- Reconstructed attacker activity across multiple compromised mailboxes.
- Coordinated password resets, session revocation and mailbox auditing.
- Implemented additional controls for payment verification and approvals.
Red team against hybrid on-prem / cloud bank
Simulated a state-grade adversary, chaining physical access, phishing and cloud misconfigurations into a full takeover.
- Tested detective and preventive controls across branches and HQ.
- Ran purple team workshops after each kill-chain stage.
- Delivered roadmap that aligned security spend with real attack surface.