Industry: Insurance
Situation:
- A ransomware entered through an Exchange server and it took several weeks before it was triggered. The attackers entered undetected in order to study the network, the servers, the backups, to see what the employees were doing, etc. and above all, learn how much money the company had and could pay in ransom.
- One Friday night, the ransomware encrypted all their workstations, servers and even damaged backups and overnight they lost access to all their data.
- On Monday morning the client called us, all workstations had the message: “you have been hacked, contact us for recovery”.
Solution:
- Present started by doing some forensics to see the logs, know when and where the hackers got in and start fixing the situation.
- It took more than a month to get them fully back on track, but we prioritized the steps to get them back partially operational after a few days.
- We then deployed our managed security services across their entire environment.
- We also structured their backups following the 3-2-1-1-0 best practice (3 data sets (1 production + 2 backups), 2 types of backups including 1 off-site copy, 1 immutable, 0 error).
Benefits:
- Today, the client is guaranteed to have the best protection against all types of attacks.
- Quite regularly attempts are detected and repelled so that the company can operate and serve its customers.
- They did not have to pay the ransom.
- The client does not need to have a dedicated team around the clock or rare and expensive in-house expertise.
- Everything is automated by an artificial intelligence detection system and monitored by Present experts 24/7.
*Note that at the time of the intrusion, the company was a long-time Present client but had not yet adopted managed security.