Challenge:
- An infrastructure construction and support services provider encountered a ransomware attack that compromised their Active Directory environment, resulting in their user database being stolen.
- The Active Directory server was being used, by way of a trojan, to infiltrate and encrypt their machines. In response, they needed help remediating and mitigating the problem.
Solution:
- As a trusted partner with a 10+ year relationship with the client, Converge was asked to assist with this incident based on the Managed Services we provide, as well as our knowledge of their existing environment.
- To make sure the bad actor was under control, the Cisco Talos Incident Response team was called into action immediately. Their job was to perform triage, investigate, contain, and remediate the problem.
- Concurrently, Converge worked to coordinate with the client’s engineering team to rebuild their entire environment and restore all of their servers/databases.
Results:
- After two weeks of our teams working day and night (300+ hours), the customer was fully restored and performing business as usual.
- The client was so impressed with our team’s readiness and quick response that they entrusted us with designing a more robust network and environment to better handle a similar situation, should it happen in the future.