Major US Electronics Manufacturing Company Suffers Catastrophic Ransomware Attack
A 50-year-old electronics manufacturing company with a stellar reputation, whose equipment is used in everything from space development to home appliances, is suddenly hit by a ransomware attack from what appears to be a Russian hacker. At risk are the company’s reputation, its financial stability, and its promise to keep government and corporate client information secure and private.
The company leadership contacted Inovo InfoSec (Inovo) for urgent assistance. That call ultimately saved their company, preventing protected sensitive data from being sold on the dark web and enabling them to return to business as usual in the shortest possible timeframe. The call also resulted in a significant partnership that offered quick help and then built a strong relationship with lasting outcomes:
- The company saw Inovo as an organization that could not only address immediate areas of risk in their technology, but also create a strategic roadmap of internal Information Technology and Security controls to keep themselves and their clients protected.
- Inovo helped this organization of several thousand employees grow from a CIS Security Maturity Level 0.50 to a Security Maturity Level 3 in just under 12 months.
- Inovo successfully represented the state of their internal Information Technology and Security controls to protect their high-end clients.
The creation of this partnership has allowed the company opportunities to skyrocket. Here’s how it happened.
The electronics manufacturing business started on the west coast half a decade ago with a goal of attracting and retaining talent to provide quality service to their customers, earning them recognition as a reliable and trusted manufacturing partner. The company recognizes the importance of providing quality products, continually driving and implementing process improvements to better serve their customers.
With Fortune 500 clients and government contracts, the company had just started talks to improve its security.
Before these controls could be implemented, a threat actor broke into an internal computer and found the organization’s most privileged information. This actor took advantage and injected ransomware. The entire server and workstation environment was encrypted within a few hours, and the manufacturing operation came to a halt. The bad actor wanted a large ransom payment for the password to decrypt the company’s computers so it could get back to work. The company decided not to pay the ransom and instead restored its systems from backups. This took weeks, and manufacturing operations were down during the restore, costing millions of dollars. Once the network came back online, manufacturing resumed.
Despite managing to restore business as usual, the root cause of the breach had not been addressed. The threat actor waited until a holiday weekend and struck again, this time asking for a higher payment. The Company realized they now needed outside assistance and reached out to Inovo via a trusted contact. Inovo’s experience and credentials met their urgent requirement. In addition, their model of service quality and partnership paired perfectly with the Company’s core values and internal customer service delivery culture.
Inovo provided immediate counsel to the Company’s executive team and set to work, quickly discovering that the domain administrator account had been used to create multiple other privileged administrator accounts which were used during the encryption attack. This time, all of the compromised assets were taken offline, restored from backup, and fully hardened to the Center for Internet Security (CIS) benchmark before they were brought back online.
“We were able to identify all the affected systems and restore and clean them before they were brought back into service,” said Inovo InfoSec CIO Jeff Gulick.
“We were able to bring them back online within three days, and with a high certainty that we found the root cause of the breach. And at this point we have been engaged with them for over a year and have not had a repeat incident.”
“Simply put, if we hadn’t been there, they would have been breached a second or third time,” Gulick said.
The Company was back online quickly with minimal downtime. All passwords were changed network-wide, and 350 vulnerabilities that were discovered on the firewall were remediated. A Security Maturity Level Assessment was undertaken and it was established that the business was operating at a CIS Security Maturity Level of 0.50, near the bottom of the assessment standard.
Aside from the obvious internal risk factor to the business, this low rating was preventing the company from working with top tier companies and the government, due to the stringent vendor security and compliance required for tendering.
Using Inovo’s vCISO service, a remediation plan was actioned, and through implementing policies and securing data, the CIS Security Maturity Level rating quickly rose to 3.
Last but not least, Inovo implemented a full managed cybersecurity program with 24/7 intrusion detection, ongoing vulnerability management and SOC monitoring.
Today, the company is in compliance with regulatory requirements and has been able to successfully demonstrate these controls to both federal and private security auditors. The company was able to restore their customers’ confidence and take it to new levels with the professionally developed Information Security program driven by Inovo.
Protect Your Clients and Company Today
Regardless of your security maturity level, the first step to upping your cybersecurity game is to conduct a comprehensive Security Maturity Assessment.
The process involves a cybersecurity gap assessment and an extensive exploration of security risks to identify your security maturity level. The report will prioritize your security risks, give you actionable insights, and help you focus your strategy.