ProjectMinimising impact and restoring operations following a cyber-attack.
TimeframeAll major servers and end-points were available in 3 days, except the Exchange Server, which took 10 days.
Firstly, we were able to contain the exploit, so it couldn’t trigger or infect other systems. Efforts then turned to data recovery. With our secure Backup-as-a-Service solution, file recovery was straightforward.
Email continuity had been set up to provide secure email protection. This solution meant that the company had email availability throughout. This maintained communication channels with clients, colleagues and other parties.
Disaster recovery planning, resilient infrastructure and a quick response to the security alert minimised the impact of a major cyber-attack. Our client was able to resume business as usual in days. The same issue caused the parent company (not managed by Flex IT) to be out for 3-4 weeks.
- Contacting our client and starting work within minutes of being informed
- Checking the Exchange Server for indicators of compromise following Microsoft’s guidance
- Patching the Exchange Server when evidence indicated the exploit was present
- Isolated all systems on the network
- Checking all Servers & end-points for any sign of Malware and/or Virus infestation.
- Making Operational and Data Servers, as well as Endpoints, available
- Rebuilding the Operating System from scratch, with the most up to date security patches; the cleanest and quickest way to deal with the affected Exchange Server
- Reinstalling the Exchange and all updates as required
- Restoring the Exchange Server Database from the unaffected Replica Server and making it live to users
- Fetching email from the continuity platform