// Blog
13 days in October: a cyberattack, total IT shutdown, and an innovative approach to IT security
Date: February 21st, 2023
Imagine for a moment that you come to work early one fall morning. You are a core member of a group’s IT team, spread in different regions and countries around the world. You turn on your computer to start the day only to discover that nothing works. Absolutely nothing. Your entire global IT has been locked down, and you have access to neither Outlook nor your Active Directory, neither your SSO not to any of your trusted certificates. Nothing works.
An attack is the furthest thing from your mind. What did I do wrong, you think. You begin to panic though as you realize the true extent of the problem. It’s not just you. Your colleague in the desk next to you doesn’t have access. No one can pull up their mails on their laptops or their phones. Your company apps have stopped working. For a moment your business is frozen in the digital dark ages.
What do you do?
First, you get a cup of coffee. It’s one of many that you’re going to need today and, in the days and weeks to come. You’ve had your moment to panic, but now it’s time to get to work, figure out what the problem is, mitigate the damage, and get everything back online as soon as you can.
The first thing you realize is that you’ve been hit. A phishing attack – a low tech smash and grab job – has resulted in parts of your data being stolen and encrypted. The thieves are demanding a ransom to get it back. And while your management and legal teams are deciding how to react to the ransom demands, it’s up to you and your teams to get the global IT up and running while also ensuring that you won’t be hit again.
It’s now 10am, and you drink your sixth coffee of the day.
A horror story with a happy end: Complete restoration, full visibility, and improved IT security
Sounds frightening, doesn’t it? A cyberattack is a horror story we hate reading about and never want to live though. But with ransomware attacks at an all-time high – 50% more per week than in 2020 – the horror is far closer than we probably care to admit.
The consequences of an attack can be severe. In this case, the global grocery retailer was left without its IT. No cash registers, no apps, no automated price labelling system, no printers, nothing. Well, nothing except its fax machines, which roared to life with people all over the globe seeking answers.
Even though the organization had a disaster recovery plan, the plan depended on a functioning IT backbone. The attack stripped them even of that.
The countdown was on. To get its business back on its feet, the organization needed information about its IT layer. Because we had previously worked with the organization on a recent Software Asset Management project where, among other things, we inventoried the entire enterprise infrastructure, we were able to supply the organization with a backup copy of their inventory.
While the data was a year old, it still gave them a baseline overview of their hardware assets, so they could begin restoring their IT. As they restored their systems, they refreshed the data and stored it as part of a managed services solution on Raynet servers, giving them continued access to the data even in the event of another attack.
Within just 13 days, the organization had a handle on its most critical systems, allowing it to return to business as usual while it worked on the remainder of its IT.
Shed a light on the monsters in your cyber assets with IT visibility
With everything back up and running and hundreds of pots of coffee later, the next step was to add new layers of security to their system. This included aggregating and validating asset data to ensure complete IT visibility. New naming conventions were established to make it easier to know which location/department owned which assets. Asset data now needs to be validated by multiple security tools in order to ensure they are secure, and assets that can’t be automatically verified are taken offline until a manual check is finished. This helps ensure infrastructure security and makes it even harder for malicious actors to find their way into the system and expose or steal critical data.
The project continues, but the goal is clear: complete visibility for better infrastructure security.
Author:
Andreas Gieseke
SVP Technology & Information Managing DirectorRelated links:
Share blog:
13 days in October: a cyberattack, total IT shutdown, and an innovative approach to IT security
Reading time: 3 minutes
February 21st, 2023 | Andreas Gieseke
Imagine for a moment that you come to work early one fall morning. You are a core member of a group’s IT team, spread in different regions and countries around the world. You turn on your computer to start the day only to discover that nothing works. Absolutely nothing. Your entire global IT has been locked down, and you have access to neither Outlook nor your Active Directory, neither your SSO not to any of your trusted certificates. Nothing works.
An attack is the furthest thing from your mind. What did I do wrong, you think. You begin to panic though as you realize the true extent of the problem. It’s not just you. Your colleague in the desk next to you doesn’t have access. No one can pull up their mails on their laptops or their phones. Your company apps have stopped working. For a moment your business is frozen in the digital dark ages.
What do you do?
First, you get a cup of coffee. It’s one of many that you’re going to need today and, in the days and weeks to come. You’ve had your moment to panic, but now it’s time to get to work, figure out what the problem is, mitigate the damage, and get everything back online as soon as you can.
The first thing you realize is that you’ve been hit. A phishing attack – a low tech smash and grab job – has resulted in parts of your data being stolen and encrypted. The thieves are demanding a ransom to get it back. And while your management and legal teams are deciding how to react to the ransom demands, it’s up to you and your teams to get the global IT up and running while also ensuring that you won’t be hit again.
It’s now 10am, and you drink your sixth coffee of the day.
A horror story with a happy end: Complete restoration, full visibility, and improved IT security
Sounds frightening, doesn’t it? A cyberattack is a horror story we hate reading about and never want to live though. But with ransomware attacks at an all-time high – 50% more per week than in 2020 – the horror is far closer than we probably care to admit.
The consequences of an attack can be severe. In this case, the global grocery retailer was left without its IT. No cash registers, no apps, no automated price labelling system, no printers, nothing. Well, nothing except its fax machines, which roared to life with people all over the globe seeking answers.
Even though the organization had a disaster recovery plan, the plan depended on a functioning IT backbone. The attack stripped them even of that.
The countdown was on. To get its business back on its feet, the organization needed information about its IT layer. Because we had previously worked with the organization on a recent Software Asset Management project where, among other things, we inventoried the entire enterprise infrastructure, we were able to supply the organization with a backup copy of their inventory.
While the data was a year old, it still gave them a baseline overview of their hardware assets, so they could begin restoring their IT. As they restored their systems, they refreshed the data and stored it as part of a managed services solution on Raynet servers, giving them continued access to the data even in the event of another attack.
Within just 13 days, the organization had a handle on its most critical systems, allowing it to return to business as usual while it worked on the remainder of its IT.
Shed a light on the monsters in your cyber assets with IT visibility
With everything back up and running and hundreds of pots of coffee later, the next step was to add new layers of security to their system. This included aggregating and validating asset data to ensure complete IT visibility. New naming conventions were established to make it easier to know which location/department owned which assets. Asset data now needs to be validated by multiple security tools in order to ensure they are secure, and assets that can’t be automatically verified are taken offline until a manual check is finished. This helps ensure infrastructure security and makes it even harder for malicious actors to find their way into the system and expose or steal critical data.
The project continues, but the goal is clear: complete visibility for better infrastructure security.