Consulting & Professional Services Industry
General Informatics technology & security professionals successfully secure sensitive information from a malicious attacker

Protect your business from hackers before realizing it is too late

In the face of a ransomware attack, General Informatics’ cybersecurity solutions effectively contained and eradicated the threat, preserving the integrity and accessibility of the organization’s critical data.

Project Highlights

The fate of an organization is left in the hands of a malicious threat actor

A senior-level employee of a U.S.-based consulting firm fell victim to a tried-and-true tactic of bad actors: a phishing email. The attack put the entire organization’s operations and internal data security at risk and came with a ransom demand.

Thankfully, this organization was already a client of General Informatics’ security solutions and had implemented ThreatWatch 365 (border security, endpoint management and detection, Security Information and Event Management (SIEM) services, and security awareness training) plus Backup 365, which protects files and provides fast, reliable recovery of data, before this attack.

If it were not for the dedication of the General Informatics team, ThreatRespond 365, ThreatWatch 365, and Backup 365, this double-extortion play of ransomware and release of data on the dark web would have left the fate of this organization in the hands of the malicious threat actors.

So, what happened in this case?

After hours, on a Wednesday afternoon, a threat actor compromised an employee’s account, giving the attacker an open window into the organization’s network: access to the domain controller, an entrance to the employee’s workstation, access to mapped drives and sensitive data, and more.

This employee did not yet realize the severity of the situation and failed to immediately report the mishap to a supervisor, allowing the attacker more time to formulate a plan of action.

This is an important moment to pause and highlight how waiting to notify someone, specifically someone in IT, is a perfect illustration of the ‘glacier effect’. The employee only saw what was happening at the surface, and thankfully General Informatics was working 24/7 behind the scenes to see beneath the surface and grasp the seriousness of the ‘glacier’ in its entirety.

“Our team has the ability to do what we call ‘instant restores’ thanks to cloud Backup 365. In this case, we were able to implement an instant restore on the attacked file server, and they were back online and operational within minutes.”

Chief Technology Officer, General Informatics

Less than 24 hours later, the GI team received an alert from the EDR system that there had been lateral movement within the network. Upon receiving the alert, General Informatics was able to block most of the attacker’s initial malicious actions, and the case was escalated for further investigation. In the short window between the initial contact with the threat actor and the General Informatics IT team implementing an action plan, the attacker had installed a Remote Access Trojan (RAT) and crypto ransomware to exfiltrate data and encrypt the organization’s files. Shortly after receiving the alert, General Informatics saw an influx of support ticket requests from employees of the organization who were having trouble accessing network resources and critical data.

By Thursday afternoon, General Informatics had gained access to the affected systems, contained the spread, and shut off the attacker’s command-and-control access point. Within this organization, less than 10% of workstations were impacted by the incident. Once the attacked file servers were secure, the General Informatics IT team began taking all precautionary measures to remove every foothold the attacker had in the environment, such as changing passwords and restoring services to the organization’s cloud servers rather than local servers, which allowed restoration to happen more quickly.

Proactive IT Response: Securing Networks Beyond Business Hours

General Informatics IT specialists go above and beyond when it comes to keeping clients safe, as demonstrated in this organization’s case. GI received the alert of lateral movement around 9:00 p.m. on a Wednesday, and the team did not wait until business hours to address the problem. General Informatics immediately jumped on this attack and began working to secure the environment long before the uptick of service request tickets from employees the following morning; the employees did not even know that their requests about server errors were the result of a ransomware attack on their network.

At General Informatics, your security is our priority

Many other IT providers stop after restoring the victim’s network, but it is important to adopt a forward-thinking mindset when it comes to security. General Informatics stands out by adhering to service delivery standards that emphasize continuous innovation and advancing security solutions, not only to remediate incidents for clients but also to prepare them for future threats. In certain situations, General Informatics IT specialists will not only help navigate your insurance company’s requests but also communicate with the threat actor to keep threats to a minimum, even in the case of data exfiltration.

What would have happened to this organization without ThreatWatch 365 and Backup 365?

If this organization had not had General Informatics Endpoint Detection and Response (EDR) and Security Operations Center (SOC) services monitoring its network, the attacker may not have been noticed or caught until it was too late, leaving the organization with two options: rebuild from scratch or pay the ransom. Without ThreatRespond 365 and Backup 365, this organization’s operations would have been brought to a halt, and it would most likely still be trying to determine how to go forward with conducting business.

This incident serves as a reminder to all companies that a severe threat can begin with a single email, and that investing in a reliable Managed Security Service Provider (MSSP) is crucial to your organization’s security.
