Ransomware attack
Incident Response Timeline 5 Minutes or less
For the first time, we invite you to take an exclusive and real life look at how Concierge Security experts within Arctic Wolf’s industry-leading Security Operations workflow triage investigated, escalated and remediated a ransomware attack on a local government organization.
01
SOURCE
Active Directory 5:23am
-
5:23am
DID YOU KNOW?
In the four years since January 2016, more than 4,000 ransomware attacks have been carried out daily, according to ransomware statistics from 2020 published by the FBI.
02
SOURCE
ARCTIC WOLF SENSOR 5:26am
-
5:26am
03
5 minutes since initial activity:
investigation triggered 5:28am
-
5:28am
04
ONE MINUTE LATER:
The Investigation Starts 5:29am
05
Following Investigation:
Incident Ticketed 5:48am
-
Contain the device / disconnect from network
-
Change passwords for the [USER]and service accounts
-
Run Antivirus scans on endpoints
06
In Less than 1 hour:
Remediation 6:13am
Next, the security journey continues
-
6:13am
- Arctic Wolf Platform
- Arctic Wolf Platform
- Arctic Wolf Sensor
- Investigation Triggered
- Investigation Begins
- Incident Ticketed
- Remediation
with our concierge security team
Although many Managed Detection and Response services would end once the threat of ransomware was finished, the
With a complete understanding of your unique IT environment, the Arctic Wolf® Concierge Security® Team (CST) provides your team with coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Arctic Wolf Concierge Team is focused on using this attack to improve the security posture of the customer.
Implement principle of least privilege for remote tools
Geofence firewalls
Enable MFA
Setup GPO to block use of PowerShell
Install With the Arctic Wolf Agent, the Arctic Wolf Triage Team can take containment action on behalf of customers, reducing time to remediation. Arctic Wolf Agent on all machines
Ransomware Attacks
Are Affecting Every Industry
Government
48 of the 50 U.S. states, as well as the District of Columbia, experienced at least one ransomware attack from 2013 to 2018.
Additionally, at least 948 government entities in the United States were attacked by ransomware hackers extorting money in 2019.
Financial Services
On New Year’s Eve of 2019, the popular currency exchange service Travelex was hit by a ransomware attack knocking over 1,200 stores and kiosks in over 70 countries offline.
The attack also impacted several large national banks that relied on Travelex services. Ultimately services were down for 2 weeks with attackers demanding $6M or to take the customer data public.
Legal
The first prominent ransomware attack on a law firm was DLA Piper in 2017. While the DLA Piper security team was able to detect the threat within 20 minutes, the attack had already disabled the firm’s global telephone system and most of its computer network.
It took the firm months to become fully operational again at the cost of tens of millions of dollars.
Manufacturing
In May 2021, the Colonial Pipeline was forced to halt operations due to a ransomware attack by the DarkSide gang. The attack shut down more than 5,000 miles of pipes and cutting supply to many parts of the southeast. The pipeline eventually paid out $4.4M to resolve the issue and avoid further crisis.
Healthcare
Ransomware attacks cost the healthcare industry $20.8 billion in downtime in 2020, according to an annual report by Comparitech.
The report also found that 92 individual ransomware attacks occurred at healthcare organizations, and 600 clinics, hospitals and organizations were affected. In addition, more than 18 million patient records were impacted by these ransomware attacks.
