Information Security Solutions – Ransomware Attack

Ransomware attacks are prevalent in the cyber domain and can cause tremendous damage to any organization. Through our SOC/SIEM services, we provide end-to-end monitoring and control, ensuring compliance with international standards. The incident described here occurred during the implementation process and was prevented at the last moment.


Incident

During the onboarding process as part of the SOC/SIEM services we provide to a large transportation company in Israel, several critical security systems were connected, and suspicious activity indicating the presence of ransomware in the organizational network was detected.

Findings

  • The ransomware was poised to fully encrypt the organizational network.
  • The attacker succeeded in accessing the admin account and gained full permissions.
  • Encryption tools had begun operating within the organizational network.

Actions Taken

  • We alerted the company about the findings and guided their investigation and response team throughout the incident.
  • Relevant identifiers were removed from static files, security devices were scanned, and a comprehensive cleanup was performed.
  • Passwords were comprehensively changed, and the organizational network was isolated until the ‘end of incident’ declaration.

Outcome

The attack was prevented at the last minute. Since then, the client has enjoyed continuous monitoring as part of our SOC/SIEM services without any further significant incidents.

How the Client Summarized the Incident…

“Without the precise identification and rapid sequence of actions carried out by the Experis expert team, we would be in a different place. Such an attack would have paralyzed the entire organization and caused extensive damage. We are very satisfied with the company’s SOC/SIEM services and sleep well at night.”
