Background
Core IT’s cyber security team were contacted by a company with over 300 employees which had been hit by a ransomware attack. Ransomware can encrypt an organisation’s information and disable its IT systems, as well as potentially stealing confidential data, and demands a ransom to provide access. Ransomware typically spreads across a network and targets database and file servers.
In this case, the company lost access to its email system and was unable to send or receive emails for a number of weeks.
Our first task was to identify the root cause of the issue. We spent a day on site establishing the extent of the problem and which users and equipment were affected so that we could isolate those issues. Within two days we had patched the servers and software and by the third day we had remediated the systems, bringing everything back online.
Outcome
Inevitably, there were some irretrievable losses and the company was unable to communicate with customers and suppliers until we had completed our remediation work. However, we have worked closely with the company to make sure they have robust anti-virus systems in place so they are not as vulnerable to future attacks. We have also advised them on the importance of keeping up with security patches to protect systems from emerging cyber threats. We have helped them establish policies, procedures and working practices that will ensure business continuity if any cyber or other emergency hits them in the future.