Bastion Host + Facial Sign‑In Traces a Ransomware Hacker to Justice

How a mid‑sized Canadian investment firm used Axiam’s Bastion Host with liveness‑verified Facial Sign‑In to block an intrusion, produce court‑ready identity evidence, and enable prosecution—without paying ransom.

Passwordless • Phishing‑resistant • Zero Public IP • Audit‑ready
Impact Summary
  • $1.54M: Avg. ransom avoided / incident*
  • 23 Days: Downtime avoided*
  • +12%: Client acquisition post‑incident
  • 5 Years: Sentence of offender
* Benchmarks & internal analysis; customize per client.

Customer

FTBC Capital — a Canadian investment management firm overseeing $1B AUA. A target of repeated ransomware attempts by the ShadowCrypt group.

Challenge

  • Prevent privileged access compromise without relying on passwords/MFA.
  • Eliminate exposed network surfaces (no public IPs, no brute‑force).
  • Create non‑repudiable identity evidence to support prosecution.

Incident Timeline

T‑0
Spear‑phish attempt

Malicious link clicked; credential harvesting fails—no passwords exist.

T+1h
Blocked Brute‑Force

SSH/RDP scans hit bastion; biometric gate stops sessions pre‑auth.

T+2h
Insider Assist Fails

Liveness challenge records attacker’s face at insider device.

T+2d
Law Enforcement

Audit video + device/geo metadata shared with RCMP cybercrime.

Evidence Pillar 1

Biometric Audit Trail

Liveness check captures attacker face; tamper‑evident video hash archived.

Evidence Pillar 2

Attribution Metadata

Device fingerprint + IP/geo context correlated with existing case files.

Evidence Pillar 3

Court‑Ready Exports

Time‑stamped session logs + chain‑of‑custody package for prosecutors.

Results

  • Ransom Paid: $0
  • Service Downtime: 0h
  • Customer Churn: −0.0%
  • Offender Outcome: 5‑year sentence

Figures are representative; update with your verified metrics.

“With Axiam’s Bastion + Facial Sign‑In, there were no credentials to steal and no public IPs to probe. The audit video made the difference—turning an anonymous incident into a prosecutable case.”

— CISO, FTBC Capital

Architecture Snapshot

Client Device
  • Camera + liveness prompts
  • Face template encrypted on device
  • No secrets stored locally
Axiam Bastion
  • Face‑verified token issuance
  • Policy/segmentation enforcement
  • SIEM/SOC streaming
Protected Resources
  • Servers • VPN • DB • Apps
  • Privileged access only
  • Full session recording

Bring Verified Identity to Your Perimeter

Retire passwords and weak MFA. Gate every privileged session with a verified face.

Phishing/MitM resistant
No keys to manage
No public IP exposure
Court‑ready audit trail