In spite of the ongoing evolution of cyber security processes and technology, human error is still responsible for 95% of data breaches1. Phishing attacks alone represent a particularly insidious risk, with 91% of organisations experiencing a successful attack in 2021 alone2.
2355 Hits
In light of recent geopolitical events, and the increased threat to corporate infrastructure, organisations across the UK must assume that they will be forced to contend with a cyber-attack in the near future and prepare accordingly. Indeed, the NCSC has already set out its own guidance to help organisations bolster their defences, which we strongly advise you to read and implement.
2893 Hits
Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly. Companies hit by an attack must choose between paying a ransom or recovering encrypted data from a backup.
Unfortunately, ransomware gangs are too aware that they can leverage significantly higher ransoms from their corporate victims if they have also compromise the company's backups. For this reason, we are seeing more and more cyber attacks targeting backups because they know that organisations desperately need them to recover if they want to avoid paying a ransom to cybercriminals.
102765 Hits
Newly-released research indicates that ransomware attacks reached a record high in May, with the surge primarily fueled by a massive increase in the number of attacks perpetrated by the LockBit ransomware group and its affiliates.
100932 Hits
Car dealerships have been brought to a standstill across the United States after a software provider was hit by a ransomware attack.
106038 Hits
The UK's National Cyber Security Centre (NCSC) has warned the IT helpdesks of retailers to be on their guard against bogus support calls they might receive from hackers pretending to be staff locked out of their accounts.
76951 Hits
The Challenge
In Q3 of 2024, the CEO of a UK-based bank received an email from a ransomware group, informing him that the bank's data had been encrypted and would be released on the dark web unless a ransom demand was paid. Although several insurers and consultants were engaged to resolve the situation, the slow response times made it clear that an alternative approach would be needed.
Finally, in order to minimise the resulting downtime and resume operations as soon as possible, without giving in to the criminals' ransom demand, the organisation engaged Exponential-e to restore and secure their critical servers. With even the shortest period of downtime resulting in serious financial and reputational damage, a team of incident response specialists immediately began the restoration process, aiming to have the bank's systems back online in days rather than weeks.
The Solution
The restoration process began with a thorough audit of the IT ecosystem to establish which servers had been impacted, after which the affected VMs were powered down. A new, fully isolated VDC was created to store these VMs once they were recovered, along with a completely new firewall zone.
With the affected servers restored into this new VDC zone, firewalls were established to allow for the most basic access, after which malware scans were conducted. These scans continued for two days, during which the customer was granted initial access to the servers via a temporary SSL VPN with Azure MFA, allowing them to resume operations in just three days.
At this point, Zerto replication was set up for the new VMs, while Exponential-e simultaneously engaged with the third party that was conducting a forensic investigation.
Connectivity was soon re-established for the customer's other offices, at which point users were brought back online. Firewall logs were provided for the forensic team, along with initial access to VM images via vCloud Director.
Finally, a test rebuild of the affected VMs was conducted and finalised within two days, and additional firewall policies established.
Exponential-e has repeated variations of this process for multiple other organisations affected by ransomware attacks, allowing them to resume operations as quickly as possible and ensure their critical infrastructure is secured against future attacks.
The Result
Ongoing communication between all parties involved ,including a dedicated team of incident response specialists at Exponential-e with a defined action plan ensured a seamless restoration process. Day-to-day operations resumed in just seven days, without paying the criminals' ransom demand.
Don't wait for a crisis to expose the cracks, fortify your defences today. Discover how expert response turned seven days of chaos into operational recovery.
381 Hits
© 2025 Exponential-e Ltd. Reg. No. 04499567, Reg. Address:100 Leman Street, London E1 8EU