Case Study
Incident Response Case Study
A midsize business becomes a victim of the CONTI ransomware.
Intro
Moving from Debilitated to Containment, Eradication and Recovery
Servers began running hot. Applications started to become unavailable, and database access services slowed to a halt. Encryption of drives began, and IT workers started to see files disappearing. This is CONTI.

The Details
Restore services across more than 200 servers, desktops and appliances
Challenge
Over the course of a single evening, Windows servers suddenly began encrypting local data. Over 200 devices were network accessible. Based on the behavior and the encryption of the local drives, the infection was suspected to be CONTI. It continued to infect resources.
Solution
Command and control was paramount. SentinelOne agents were installed and registered on all available devices. With all devices back within the control of the Team, the damage assessment began. Once the situation was clear, the Team successfully executed the incident response cycle of Containment, Eradication and Recovery.
Time to Full Recovery
48hrs
Servers Restored
206
Unique Vulnerabilities
685
Patches Executed
268
Testimonial
“From Incident to Recovery we quickly arrived at a steady state in a more advantageous position while mitigating risk of another attack.”