IR Hotline Numbers:

+44 20 3318 1470
+60 154 877 0076
+61 2 7908 1745
+65 3165 8788
caution icon

Experienced a breach? Reach us now

company logo

Incident Response

Helping a Wholesale IT Distributor Recover from Threat Actors

Helping a Wholesale IT Distributor Recover from Threat Actors

The Background

The Client is a regional wholesale distributor of computer components, peripherals, accessories and networking products. The client's distribution offices are in Singapore, Malaysia, Hong Kong, South Africa, Sri Lanka and Mauritius. Regular stock availability and efficiency in logistics are some of their unique selling proposition in the IT supply chain.

One of the Client's employees fell victim to a phishing email attack that enabled the Emotet Trojan attached to gain a foothold into the system. The threat actors pivoted from the infected workstation to the company's Domain Controller and deployed an RYUK ransomware to multiple servers and workstations in the Client's environment. With no viable backups, their database from which they run their global business was encrypted.

The Process

Pragma first contained the attack by isolating the affected workstations and servers from the network. The client's IT was instructed to rebuild affected machines from scratch after forensic images were captured for analysis. In our forensic analysis, Pragma ascertained the first point of compromise to be the phishing email attack.

The client was given recommendations to strengthen their security posture, such as implementing network segmentation and an Endpoint Protection solution that is tamper-proof from the local machine.

The client was adamant about not negotiating with the Threat Actors. As recovery and resumption of business were a priority for the Client, Pragma analysed and found that the ransomware encryption only affected certain portions of the database and able to manually recover tables containing vital data.

The Result

Using the tables recovered by Pragma, and manual input of data that was irrecoverable, the Client was able to recover from the ransomware attack. The Client minimised the future risk of system compromises by implementing the security recommendations and following best practices related to backups.

Tags:

Threat Actors
Phishing Attack
Emotet Trojan
Ransomware
Incident Response
Forensic Analysis
Network Segmentation
Endpoint Protection
Data Recovery
Security Recommendations
Best Practices

Join the Pragma Community Today

Email


Solutions

Cyber Advisory

Technology Risk

Compliance, Conduct, and Regulatory Risk

IT Audit

Insights

Pragma Logo

Terms & conditions

Privacy Policy