Emergency response team to the rescue

Posted by Mourad Smaali, Millenium Micro National 23-09-2020 02:33 PM

Earlier this year, the Millenium Micro National team received an emergency call from a larger Canadian organization that was the victim of a cyberattack. Through our immediate engagement, we were able to help the client through their crisis, allowing them to resume normal business activities.

This multisite corporation with more than 400 users, part of a multinational group, discovered over a weekend that all its servers were encrypted, and its 400 workstations had been compromised.

To answer this extremely critical demand, the Millenium Micro National team partnered with the in-house IT team. Within a few hours, we were able to assemble and deploy a team of 40 technicians and a project lead. This team was quickly dispatched to each of their locations to salvage what they could of the servers and workstations.

If you are under attack:

  1. Disconnect from the Internet. Do not shut off the devices;
  2. If you are covered by a cyber insurance policy, call your insurance company, and follow their instructions;
  3. If you do not have cyber insurance coverage, reach out to your local Millenium Micro affiliate for immediate support.

Collaborating with the insurance company early was key to our involvement. We also worked very closely with the security firm appointed by the insurance company.

After the experts ran the analysis to uncover the source of the attack, we were able to determine that the hackers were still present in the network. The intruders were found to be in "sleeper mode" and had been there for the past 9 months. A thorough investigation showed that this particular attack was very methodical and the intruders were patient in their approach. Several types of attacks had been used simultaneously.

The total cost of the attack for the customer was in the several hundred thousand dollar range. Fortunately, thanks to our quick intervention and the considerable amount of resources deployed, the company was able to resume production within just a few days. Cybersecurity prevention can be expensive, but inaction can be much more costly.

Much to our surprise, two weeks later the parent company also fell under attack. 40,000 devices were compromised simultaneously. Fortunately, due to the work completed on the first attack, the customer's network was not connected to the parent company. Ultimately, our in-depth investigation showed no correlation between the two attacks.

Once we had helped our customer resume production, our security specialists worked closely with the internal IT team to implement new preventative security measures in their IT environment. In addition, awareness programs aimed at raising security to industry standards were established, along with a higher standard of good governance methods.