What We Faced
Challenge
An emerging, integrated oilfield services company found itself grappling with a ransomware attack which had infiltrated their IT infrastructure, leading to significant business disruption. The cybersecurity incident had disrupted multiple mission-critical functionality, leaving users without access to their primary business applications for several days. Business transactions had come to a halt, and sensitive data had been lost.
The oilfield services company brought MRE in to lead the response to the ransomware attack. Once engaged, MRE investigated and discovered the presence of ransom notes and dropper files, which are files designed to complete a backdoor installation of malware to a computer.
A review revealed that the point of entry for the attack was through the VPN. The company lacked ransomware monitoring tools and multi-factor authentication which are common vulnerabilities.
What We Did
Solution
MRE restored the company’s IT operations, prioritizing stabilization of network connections and security so business users could get back online and back to work as quickly as possible. Next, we moved to data restoration, recovering over 90% of the compromised data. Specifically, MRE helped the customer get back up and running by:
- Restricting application access to strategic accounts
- Restoring application security access to prioritized users
- Quantifying data that had been compromised and/or lost
- Searching, analyzing, restoring lost compromised data
- Deploying newly secured applications to all business users
- Changing user log-in credentials and firewall ports
Throughout the response, MRE partnered with the customer’s internal IT team and business users. Fortunately, the customer’s IT team already had an established set of secure data backups, so we were able to work together to restore data and get the company back online in short order. According to a report by At-Bay, only about 63% of organizations successfully restore their data after an ransomware attack.
What We Delivered
Results
MRE’s preparedness and leadership of the ransomware response enabled the client to recover quickly. The client experienced: Rapid restoration of operational IT and business systems.
Multi-factor user authentication to protect critical business systems | Transparent communications throughout the crisis-management process | Strategic advice informed by decades of IT Managed Services delivery |