Cybersecurity Solution for a Drug Manufacturing Company

A leading drug manufacturing company located in the US faced a ransomware threat. Cyber attackers encrypted their files and were asking for ransom to decrypt them. The company refused to pay the ransom or accept any solution from them.

 

The company had an interconnected system network. This increased the severity of the threat, because other systems in the network were also at high risk of being infected by the ransomware.

The Challenge

The drug manufacturing company approached Nuvento for an action plan in 3-4 days to retrieve the encrypted files in their system. They wanted us to resolve the issue and ensure that such incidents did not recur.

 

Nuvento’s challenge was to identify and remove the ransomware from their network. We deployed our Threat Hunting team, Vulnerability Assessment team, Cybersecurity team, and IT Infrastructure Support team to investigate the situation and identify a viable solution.

Our Solution

Nuvento came up with a disaster recovery plan and analyzed 400 systems, including 40 servers. The company network was analyzed to identify whether there were more threats.

We cleansed the entire network, removed the ransomware, and safeguarded their data from further cybersecurity breaches. The following measures were taken:

Install Antivirus Protection

We noticed that some systems had outdated antivirus software, while others had no antivirus protection at all. Installing standard antivirus software on all the systems was the first line of defense against the cyber-attack, so we secured every single system with standard antivirus software.

Threat Hunting

We installed Infocyte, a threat detection tool, for threat hunting. While running Infocyte, we identified certain suspicious logs. Our team alerted the company to the malware-infected systems, quarantined and cleaned them, and reconnected them to the network.

Vulnerability Assessment

Using Tenable, a leading vulnerability management solution, we ran Vulnerability Assessments. The detected vulnerabilities included unsupported systems, open ports, outdated software, plugins, and web browsers.

Our team detected a total of 8000 vulnerabilities, of which the following high-level vulnerabilities were fixed on priority:

  • Unsupported Operating System
  • Remote Desktop Service Vulnerabilities
  • Remote Code Execution Vulnerabilities

Based on the vulnerability assessments, we made the following recommendations:

  • Upgrade their systems to the latest Windows versions
  • Change the permissions of their Windows user accounts and service accounts
  • Upgrade the firewall
  • Use third-party service providers to protect against DDoS attacks
  • Continue using Infocyte to get malware alerts in their network

Follow Up Plans

  • Modernize IT infrastructure and scheduled maintenance
  • IT Support Process Transformation with SLA to ensure business continuity by establishing processes and systems including DR, Ticket Management Systems and Asset Management Systems

Technologies Deployed
