Sales: 0845 470 4001 | Support: 0845 230 6001 | Contact Form | NPS

Restoring critical data in three days following a cyberattack

Restoring critical data in three days following a cyberattack

The Challenge

In Q3 of 2024, the CEO of a UK-based bank received an email from a ransomware group, informing him that the bank's data had been encrypted and would be released on the dark web unless a ransom demand was paid. Although several insurers and consultants were engaged to resolve the situation, the slow response times made it clear that an alternative approach would be needed.

Finally, in order to minimise the resulting downtime and resume operations as soon as possible, without giving in to the criminals' ransom demand, the organisation engaged Exponential-e to restore and secure their critical servers. With even the shortest period of downtime resulting in serious financial and reputational damage, a team of incident response specialists immediately began the restoration process, aiming to have the bank's systems back online in days rather than weeks.

The Solution

The restoration process began with a thorough audit of the IT ecosystem to establish which servers had been impacted, after which the affected VMs were powered down. A new, fully isolated VDC was created to store these VMs once they were recovered, along with a completely new firewall zone.

With the affected servers restored into this new VDC zone, firewalls were established to allow for the most basic access, after which malware scans were conducted. These scans continued for two days, during which the customer was granted initial access to the servers via a temporary SSL VPN with Azure MFA, allowing them to resume operations in just three days.

At this point, Zerto replication was set up for the new VMs, while Exponential-e simultaneously engaged with the third party that was conducting a forensic investigation. 

Connectivity was soon re-established for the customer's other offices, at which point users were brought back online. Firewall logs were provided for the forensic team, along with initial access to VM images via vCloud Director.

Finally, a test rebuild of the affected VMs was conducted and finalised within two days, and additional firewall policies established.

Exponential-e has repeated variations of this process for multiple other organisations affected by ransomware attacks, allowing them to resume operations as quickly as possible and ensure their critical infrastructure is secured against future attacks. 

The Result

Ongoing communication between all parties involved ,including a dedicated team of incident response specialists at Exponential-e with a defined action plan ensured a seamless restoration process. Day-to-day operations resumed in just seven days, without paying the criminals' ransom demand.

Don't wait for a crisis to expose the cracks, fortify your defences today. Discover how expert response turned seven days of chaos into operational recovery.

  251 Hits

Phishing: attacks and prevention

Phishing-attacks

Phishing is the fraudulent use of electronic communications to try and obtain sensitive information, such as usernames, passwords and credit card details by posing as a legitimate institution. Phishing attacks attempt to get individuals to click on a malicious link and enter confidential information to steal their identity, funds or to be the first step in a serious cyberattack against an organisation.

  3016 Hits

Three steps to more secure employee passwords on World Password Day

Three-steps-to-more-secure-employee-passwords-on-World-Password-Day

Passwords are often more associated with individual and consumer cyber security, but they are an essential part of an organisation's overall security posture. For example, you wouldn't leave the windows open overnight as this would allow easy access into the building for thieves. In the same way, a weak password offers cyber attackers easy access to your corporate infrastructure, after which they can use these credentials to escalate permissions until they granted themselves administration privileges, at which point the risk of financial and reputational damage becomes truly serious!

  2543 Hits

Creating new workspaces for the distributed workforce’s ‘liquid footprint’

Creating-new-workspaces-for-the-distributed-workforces-liquid-footprint

With the flexible office model slowly but surely supplanting the traditional working environments in favour of dynamic co-working spaces for a number of years now, we have seen many organisations reconsider the way they think about commercial real estate.

  2628 Hits

Keeping our schools cybersafe throughout lockdown

Keeping-our-schools-cybersafe-throughout-lockdown

The past year has challenged the UK's education sector in ways that would previously have been inconceivable, with children learning from home the majority of the time since March.

  3013 Hits

You cannot afford to risk human error compromising your cyber security

you-cannot-afford-to-risk-human-error-compromising-your-cyber-security

In spite of the ongoing evolution of cyber security processes and technology, human error is still responsible for 95% of data breaches1. Phishing attacks alone represent a particularly insidious risk, with 91% of organisations experiencing a successful attack in 2021 alone2.

  2244 Hits

Be prepared: optimising cyber security in an increased threat landscape

Achieving-airtight-cyber-security-in-an-increased-threat-landscape-blog-header

In light of recent geopolitical events, and the increased threat to corporate infrastructure, organisations across the UK must assume that they will be forced to contend with a cyber-attack in the near future and prepare accordingly. Indeed, the NCSC has already set out its own guidance to help organisations bolster their defences, which we strongly advise you to read and implement.

  2796 Hits

Cultivating a new breed of cyber security for the new shopping experience

Cultivating-a-new-breed-of-cyber-security-for-the-new-shopping-experience_2

Retailers - be they small local shops, online sellers, or top global brands - generate, transfer, and store more data than ever before, ranging from customer data (both online and in-store, as we have considered in previous articles), to supply chain and asset tracking data. Whether it's shopping online or utilising in-store apps to access the latest savings and special offers, the way customers shop has fundamentally changed forever, with the data they generate online and in person allowing retailers to build up unique personas that drive truly bespoke experiences.

  2730 Hits