Case Study, Technology Services • Published 12/01/2016 Recovering from Ransomware Virus: Helping One Client Fight Cyber Attacks

Challenge

When a company experiences a threat to their cybersecurity, it is hard to perceive its intended impact and even harder to combat the threat. As the global, technological landscape changes, cyber-attacks continue to increase in both frequency and complexity, and present a very real threat to a business’s reputation, client relationships and revenue stream. When our client, a retailer based in Louisiana, encountered a cyber-attack unprecedented for their business, P&N Technology Services Group had to overcome new client challenges as well as technological and reactionary ones.

The last thing this client expected was a complex and fast-moving attack on their entire computer system. The offender was a Version 3 Cryptolocker infection, a form of ransomware. Ransomware is a cyber-virus designed to acquire a server’s files and threatens to publish them for ransom. This particular infection was a trojan ransomware, which means that it infects a specific user, typically via email, and uses that computer to access the main server. Our client’s shared folders were accessible by all employees, so when the user was infected, all the shared files were vulnerable. For this client, it meant over 30 computers and 12 servers were affected. P&N Technology Services Group had to work fast to secure a mountain of sensitive customer data. When this client came to P&N, our engineers were wholly unfamiliar with the established infrastructure. Our team had to work quickly to understand and navigate their current systems and resolve issues:

• Active Directory user and computer accounts were out-of-date and lacked organization
• No policies and procedures were in place regarding the discontinuation of outdated data records, such as terminated employee information and invalid accounts
• No established policies and procedures for employee access to the company’s resources

In just 51 hours, the P&N Technology Services Group was able to learn the client’s network, resolve the immediate threat and issue recommendations on how to improve their cyber security measures for the future.

Michael Richmond 
P&N Technology Services Group

Approach

One of the biggest hurdles in dealing with our client’s recent cyber security attack was the short amount of time P&N Technology Services Group had to get in and address the problem. Cyber-attacks can cause damage in almost no time and knowing how to respond to the attack quickly was crucial. An experienced team of P&N’s IT professionals were able to quickly mobilize and respond to attack. When our client needed us, we were able to address their concerns rapidly. P&N Technology Services Group worked to successfully backup all of the client’s servers despite the ransomware encrypting key servers. The team used Veeam software to recover data and restore all 12 of their servers while updating and patching the existing software and installing centrally managed anti-virus protection. Our team helped our client:

• Establish procedures for employee network access to adhere to best practices
• Collaborated with the client’s Human Resources department to create organizational charts reflecting the business structure and how it relates to the established computer networks and access
• Create an employment and termination procedure flow chart and critical data list identifying specific groups that should have access to certain resources

 

Results

After a crisis of this size, our client wanted to be sure that they were protected now and into the future. Aside from emergency management, P&N can work with clients to build better cyber security strategies and regularly check for vulnerabilities in their systems and provide advanced consulting and mitigating technologies. For this client, P&N Technology Services Group was able to perform a review of the IT infrastructure to determine vulnerabilities from unpatched or obsolete servers and network devices. The team made sure all 30 of the client’s computers were fully patched and running anti-virus software, which we then reviewed and configured to maximize the client’s use and protection. “We worked with the client to establish procedures for handling terminated employees and maintain active computer accounts,” said Michael Richmond, Chief Operating Officer, P&N Technology Services Group.

Working with P&N, clients know they are making the right decision when it comes to cyber security, immediate response, and crisis management. Clients just like this retailer work with us every day to help protect their organizations from potential vulnerabilities and be ready when faced with today’s cyber-attacks.