Customer ransomware attack, recovery and mitigation

Customer Profile

The customer is a large retail firm based in the North of England with over 200 employees across multiple UK-based offices.

Business Issue

This customer suffered an email-based ransomware attack. Emails containing malware were received by a member of staff and opened, and the user’s computer was subsequently infected. The ransomware then encrypted a large number of company files across the network, including many files essential to the running of an accounting application. As a result, the customer was left with an infected computer, several critical file shares inaccessible, and their accounting system out of action.

IT Solution

The Greystone support team were engaged shortly after the initial incident, when users reported that staff could no longer access files.

By tracking which user had encrypted the files in question, the team identified the infected PC, isolated it from the network and disabled the user’s account, stopping the ransomware from encrypting any further files.

The customer’s file structure was then scanned to see which files had been encrypted by the ransomware. Using the results of the scan, a file recovery process was started to restore the affected files from backup, including the accounting system files.
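As an added illustration of the tracking and scanning steps above (not Greystone's own tooling), the following PowerShell script lists suspect files on a share, groups them by NTFS owner to point at the account involved, and writes a restore list. The share path, suffix list, time window and report path are placeholders, and it assumes the ransomware appends a suffix and writes new files, so that the owner field reflects the affected account.

```powershell
# Added example: triage scan of a file share after a ransomware incident.
# Assumptions (not from the case study): every default below is a placeholder,
# and the NTFS owner only identifies the account when the ransomware creates
# new files rather than overwriting existing ones in place.
param(
    [string]$SharePath = 'D:\Shares',                          # placeholder path
    [string[]]$SuspectSuffixes = @('.locked', '.encrypted'),   # constructed sample suffixes
    [datetime]$Since = (Get-Date).AddDays(-2),                 # placeholder incident window
    [string]$ReportPath = '.\encrypted-files.csv'              # placeholder report path
)

# Collect recently written files whose extension matches a suspect suffix.
$hits = @(
    Get-ChildItem -LiteralPath $SharePath -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since -and
                       $SuspectSuffixes -contains $_.Extension.ToLower() } |
        ForEach-Object {
            # Unreadable ACLs are recorded rather than aborting the scan.
            $owner = try { (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner }
                     catch { 'UNKNOWN' }
            [pscustomobject]@{
                Path         = $_.FullName
                OriginalName = [IO.Path]::GetFileNameWithoutExtension($_.Name)
                Owner        = $owner
                LastWrite    = $_.LastWriteTime
            }
        }
)

if ($hits.Count -eq 0) {
    Write-Output "No suspect files found under $SharePath since $Since."
    return
}

# Per-owner summary: the account with the most hits and its activity window
# is the candidate for account disablement and PC isolation.
$hits | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object Name, Count,
        @{ n = 'FirstWrite'; e = { ($_.Group | Measure-Object LastWrite -Minimum).Minimum } },
        @{ n = 'LastWrite';  e = { ($_.Group | Measure-Object LastWrite -Maximum).Maximum } } |
    Format-Table -AutoSize

# Restore list: one row per affected file, with the name to look for in backup.
$hits | Sort-Object Path | Export-Csv -LiteralPath $ReportPath -NoTypeInformation
Write-Output "$($hits.Count) suspect files written to $ReportPath"
```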

To mitigate further ransomware attacks, the customer’s IT security was reviewed and several additional technologies were implemented. These included Software Restriction Policies (SRP), which stop unauthorized programs from executing on any computer in the network, and File Server Resource Manager (FSRM) filters, which detect if files are being encrypted by ransomware, block its access and send IT staff an alert message.

Technology Used

  • Windows Software Restriction Policies.
  • Windows File Server Resource Manager (FSRM) Filters and alerting.
  • Data Backup / Recovery.
  • NTFS and File share permissions (Principle of Least Privilege).
  • Antivirus / Anti-malware.
  • Email filtering.

Results and Benefits

Although this customer suffered a significant ransomware attack, the scale of the damage was limited by the well-implemented file permissions already in place, and all lost data was recovered thanks to a robust backup and recovery solution. The customer now has advanced technologies in place to help detect, stop, and alert on any further ransomware attack.
