A transportation company’s resilience in the wake of a ransomware attack
Snapshot
Ransomware is a large and growing part of the cybercrime world. In a ransomware incident, attackers encrypt the data of a targeted organization and demand a ransom in exchange for decrypting that data. The ugly truth is that in many instances, organizations that have been successfully hit have no choice but to pay, and according to research from IBM, the average cost of a ransomware payment is more than $800,000. The total cost to businesses of such an attack averages around $4.5 million. Â
So when a major regional transportation company came to Kalles Group for help in the wake of a ransomware attack, our team sprang into action immediately. Kalles Group consultants were able to help this organization investigate and identify how the attackers got into their system, replace vulnerable and compromised systems with clean and secure ones, and lay out a roadmap for better cybersecurity going forward. In a matter of days, this organization turned its cybersecurity stance completely around, accomplishing what others might take years to accomplish.Â
Challenge
 Transportation companies are – inevitably – sprawling enterprises, with equipment and offices in many locations. Not to mention the many different devices involved, from point-of-sale terminals to invoice printers to drivers’ cellphones. All of this can make it particularly difficult to pinpoint the vulnerability that allowed attackers to encrypt this company’s data. Â
But in the wake of a ransomware attack, our client was willing to move quickly to implement change. In one particularly impressive move, the organization set up a help desk to guide every one of its employees – hundreds of people – through the process of changing their password. The work was completed in one afternoon – a Friday afternoon before a long weekend.Â
In the days that followed, Kalles Group consultants advised the client’s incident response team on the upgrading of their technology with the latest in security software, mobile device management software and other tools to minimize the risk of another cyber-attack.Â
Approach
The client’s approach involved three distinct phases: In the initial investigation phase, the incident response team gathered together its internal resources and external expertise – that is, Kalles Group consultants – to determine how the company’s security was compromised and determine the likelihood of further attacks. It was found that the attackers had gained access by way of a vulnerability in the remote desktop protocol (RDP). Â
In the containment and eradication phase, the company shut down its internet and internal communications, and verified all identities on its network while KG consultants hunted down threats within the client’s system. Finally, in the recovery and advisory phase, Kalles Group carried out an organization-wide vulnerability detection sweep, and carried out forensic reviews of the affected systems. Kalles Group also provided a set of recommendations to help the client prioritize further steps to take in order to maximize the company’s cybersecurity.Â
Results
This transport company has seen no follow-up cybersecurity incidents, and now has greatly enhanced capability to defend itself against cyberattacks. That’s thanks in no small part to the fact that their security upgrades have given the company far greater visibility into its systems. And should they have any questions, Kalles Group consultants are on standby to offer assistance. Â