What We Do
How we do it
Resources
SECURITY ADVISORIES
Jan 13, 2022
GootLoader Hackers Are Compromising Employees of Law and Accounting Firms, Warns eSentire
GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware eSentire, the industry’s leading Managed Detection and Response (MDR) cybersecurity provider, is warning law and accounting firms of a wide-spread GootLoader hacker campaign. In the past three weeks and as recently as January 6, eSentire’s threat hunters have intercepted and shut down…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Oct 28, 2021
Telarus and eSentire Expand Partnership to Safeguard Enterprises Globally Against Business Disrupting Ransomware and Zero-Day Attacks
London, UK and Sydney, Australia– Oct. 28, 2021 - eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announces the expansion of its partnership with Telarus, the largest privately-held distributor of business cloud infrastructure and contact centre services. Building on their mutual success across North America, Telarus will bring eSentire’s Managed…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
PARTNER RESOURCES
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jun 17, 2021

Manufacturer Recovers from Costly Ransomware Attack

Speak With A Security Expert Now
This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.

WWT leverages partnership with security firm CyFIR to help customer remediate ransomware attack and strengthen security hygiene.

CASE STUDY IN PARTNERSHIP WITH

Challenge

A global manufacturer was hit with a ransomware attack that locked up its critical business systems. Despite losing $1 million per day from an inability to operate, the company wasn’t inclined to pay the ransom— even though its very survival was at stake. The company simply had no assurance the attacker would grant system access upon payment. Moreover, failure to address the underlying causes would leave the company vulnerable to similar attacks in the future, perhaps from the same threat actor.

The company’s security team worked around the clock to determine the point of attack, identify the attacker and remove the threat from their system. But after two days of unsuccessfully attempting to resolve the issue internally, the CEO contacted WWT for help. The CEO had successfully worked with WWT on various cybersecurity issues in the past. Based on those experiences and his confidence in their ability, they were the first call he made when confronted with a significant security threat to his business.

Solution

Once WWT’s Security team assessed the severity of the attack, they determined that CyFIR’s powerful investigation and incident response tool was needed to remediate the breach. They immediately contacted CyFIR’s team of computer forensic practitioners to partner with them to remediate the attack and improve our customer's security posture in the process.

Upon receiving the call from WWT on a Sunday afternoon, CyFIR jumped to action and contacted the manufacturer directly to better understand the situation. CyFIR’s team immediately began working with the customer’s security team to remotely deploy CyFIR’s forensic investigation tools across all the endpoints on the network. This enabled them to begin analysis of what was attacking the system.

WWT has a strong partnership with CyFIR thanks to past joint efforts to solve complex security issues for customers and our CyFIR Forensic Instant Response Lab in our Advanced Technology Center (ATC). This interactive CyFIR Lab provides a safe environment for organizations to evaluate the functionality of the CyFIR Enterprise suite on various Windows and Linux endpoints. It's a great starting point for anyone wanting to understand how CyFIR’s Forensic Analysis and Instant Response solution can bring cyber resiliency to an organization.

With the forensic analysis underway, the CyFIR team traveled to meet with the company’s security team on Monday morning. By the time they met, CyFIR had determined the attack came from a laptop running in the manufacturing department that hadn’t been used in some time but was still active. Unfortunately, because of the time delay in reporting the incident to WWT and CyFIR, the company’s critical files had been encrypted by the attacker and the encryption keys could not be unlocked without paying the ransom.

Backing up and encrypting your critical files offline is one of the best ways to avoid the impact of ransomware attacks.

CyFIR worked with the company to recover most of the files that had been successfully backed up offline by Wednesday. Backing up and encrypting your critical files offline is one of the best ways to avoid the impact of ransomware attacks. This allowed the company to successfully return to normal operations. In addition, the WWT and CyFIR team completed a comprehensive threat assessment across the company’s network, identifying and removing various threats and assuring the attacker was eliminated from the network.

Upon completing the threat assessment, the company engaged CyFIR to install a continuous monitoring function across all endpoints in their network.

Outcomes

Working closely with CyFIR, WWT helped a valued customer get their manufacturing operations back online, which eliminated an ongoing daily loss of $1 million. In addition to remediating the ransomware threat and restoring backed up data, they helped identify and eliminate other latent threats from the customer’s network. The manufacturer has since adopted CyFIR’s continuous monitoring technology to significantly reduce the risk of loss from future cyberattacks.

To proactively prevent similar attacks from occurring and maintain a healthy security hygiene, organizations should continuously assess their levels of risk, establish metrics, make sure store encrypted backups of critical data offline, and conduct awareness training and incident response table top exercises on routine basis.

Risk Management

As IT becomes an increasingly important business enabler, it's imperative to apply the notion of risk management to all organizations. A risk-based approach to management can lead to greater accountability and a better change management environment.

Business impact and risk analysis are important lenses for understanding your company’s operational vulnerabilities as well as the various platforms from which to explore risk mitigation and contingency-planning activities.

Through close partnerships with leading security vendors like CyFIR, WWT can help you evaluate your existing security tools against industry standards to ensure you have pervasive, real-time visibility, improved operational efficiency and a mature cybersecurity program.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.