Case Study

Incident Response Case Study

A midsize business becomes a victim of the CONTI ransomware.


Moving from Debilitated to Containment, Eradication and Recovery

Servers began running hot. Applications started to become unavailable, and database access services ground to a halt. Encryption of drives began, and IT workers started to see files disappearing. This is CONTI.

The Details

Restore servers and services across more than 200 servers, desktops and appliances


Suddenly, over the course of an evening, Windows servers began encrypting local data. Over 200 devices were network accessible. Based on the behavior and the encryption of the local drives, a CONTI infection was suspected. It continued to infect resources.


Command and control was paramount. SentinelOne agents were installed on all available devices and registered. With all devices back within the Team's control, the damage assessment began. Once the situation was clear, the Team successfully executed the incident response cycle of Containment, Eradication and Recovery.

Time to Full Recovery


Servers Restored


Unique Vulnerabilities


Patches Executed



“From Incident to Recovery we quickly arrived at a steady state in a more advantageous position while mitigating risk of another attack.”