Industry: Manufacturer
Vendor: Fortinet, SentinelOne, Sangfor
Solutions: Ad-Hoc emergency services, Incident Response, Next-Generation Antivirus, Next-Generation Firewall, Virtual Desktop Infrastructure
Issue
Our client's Hong Kong office was connected to five factories through an MPLS network, all sharing the same domain. During a ransomware attack, all Exchange servers, file servers, and databases were encrypted, along with over 300 client PCs that were powered on.
How MTS can help
To resume services as quickly as possible, Multisoft provided immediate 24/7 support to help the company restore their core servers in an isolated network over the weekend. Before reintegrating the recovered servers into the production network, Multisoft thoroughly checked all 80+ servers to ensure they were clean. Additionally, Multisoft deployed new Next-Generation Antivirus (NGAV) to all devices, changed all admin passwords, and installed security patches.
To identify the root cause of the attack, Multisoft implemented Intelligent Threat Detection & Response tools for network monitoring. This investigation revealed all backdoors and underlying issues on production PCs and servers, allowing Multisoft to stop and disconnect the compromised devices. To further protect the company's devices and reduce the risk of a second attack, Multisoft deployed NGAV to protect servers and PCs using a behavior-based model. This ensures that any detected ransomware executable files are immediately terminated, preventing them from affecting the devices.
Upon discovering that the root cause was an outdated VPN gateway that allowed hackers access, Multisoft upgraded the company's firewalls and enabled two-factor authentication on its SSLVPN connection. The Next-Generation Firewall is configured to block all abnormal traffic from external sources and record all locations that Active Directory users attempt to connect from, securing the network.
In addition to cybersecurity, system stability is crucial for business operations. To maintain normal business operations during the recovery process, Multisoft adopted Sangfor VDI, allowing client users to continue working on their devices anytime, anywhere.