Incident
During the onboarding process for the SOC/SIEM services we provide to a large transportation company in Israel, several critical security systems were connected to the SIEM, and the resulting telemetry revealed suspicious activity indicating that ransomware was present in the organizational network.
Findings
- The ransomware was poised to fully encrypt the organizational network.
- The attacker had compromised an admin account and obtained full administrative privileges.
- Encryption tooling had already started running inside the organizational network.
Actions Taken
- We alerted the company about the findings and guided their investigation and response team throughout the incident.
- Identifiers associated with the ransomware were removed from static files, security devices were scanned, and a comprehensive cleanup was performed.
- Passwords were changed across the organization, and the organizational network remained isolated until the ‘end of incident’ declaration.
Outcome
The attack was prevented at the last minute. Since then, the client has enjoyed continuous monitoring as part of our SOC/SIEM services without any further significant incidents.
How the Client Summarized the Incident…
“Without the precise identification and rapid sequence of actions carried out by the Experis expert team, we would be in a different place. Such an attack would have paralyzed the entire organization and caused extensive damage. We are very satisfied with the company’s SOC/SIEM services and sleep well at night.”