The client's head office is in Hong Kong, with a network connected to five factories; all sites were linked by MPLS and shared a single Active Directory domain. When the ransomware struck, every Exchange server, file server and database was encrypted, along with more than 300 client PCs that were powered on at the time.
To resume services as early as possible, MTS provided an immediate 24x7 response and restored the core servers in an isolated network over the weekend. Before moving the recovered servers (over 80 in total) back into the production network, MTS checked each of them to confirm it was clean. MTS also deployed a new next-generation antivirus (NGAV) to all devices, changed all administrator passwords, and installed security patches.

To find the root cause of the attack, MTS deployed an intelligent threat detection and response tool for network monitoring. This investigation identified the remaining backdoors and the underlying weaknesses on production PCs and servers, so the compromised devices could be stopped and disconnected.

To further protect the company's devices and lower the risk of a second attack, MTS deployed next-generation antivirus that protects servers and PCs using a behaviour-based model: once a ransomware executable is detected, its processes are terminated immediately, before they can encrypt the device.

Finally, the root cause turned out to be an outdated VPN gateway that gave the attackers a way in. MTS upgraded the firewalls and enabled two-factor authentication on the SSL VPN. With the new configuration, the next-generation firewall blocks anomalous inbound traffic from the Internet and records the locations that AD users attempt to connect to, giving the company visibility over its network.

Beyond cyber security, system stability is also fundamental for a company. To keep the business operating while the rescue work went on, MTS also deployed Sangfor VDI so that client users could keep working on their devices anytime, anywhere.
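As an added example (not MTS's script and not part of the original case study), the "changed all admin passwords" step described above can be carried out in PowerShell on a domain controller. It assumes the ActiveDirectory RSAT module and Domain Admin rights, and that the group names listed are the privileged groups that matter in this domain. It also resets the krbtgt account, which the case study does not mention but which is needed after a domain-wide compromise so that Kerberos tickets forged with the old domain secret stop working.

```powershell
# Added example, not MTS's script: rotate every privileged AD account's password
# after a compromise, then reset krbtgt so forged Kerberos tickets stop working.
# Requires the ActiveDirectory RSAT module and Domain Admin rights; run on a DC.
Import-Module ActiveDirectory

# Assumption: these are the privileged groups to cover. Add any custom admin groups.
$privilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins',
    'Administrators', 'Account Operators', 'Backup Operators'
)

function New-RandomPassword {
    param([int]$Length = 24)
    # Cryptographically random bytes, Base64-encoded to get a printable string
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return ([Convert]::ToBase64String($bytes)).Substring(0, $Length)
}

# Collect the unique user accounts in all privileged groups.
# -Recursive expands nested groups, so only leaf objects come back.
$admins = foreach ($g in $privilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' }
}
$admins = $admins | Sort-Object -Property DistinguishedName -Unique

$rotation = foreach ($a in $admins) {
    $pw = New-RandomPassword
    $secure = ConvertTo-SecureString $pw -AsPlainText -Force
    # -Reset sets the password without needing the old one
    Set-ADAccountPassword -Identity $a.DistinguishedName -Reset -NewPassword $secure
    # Force the admin to pick a fresh password at next logon
    Set-ADUser -Identity $a.DistinguishedName -ChangePasswordAtLogon $true
    [pscustomobject]@{ Account = $a.SamAccountName; NewPassword = $pw; RotatedAt = Get-Date }
}

# The new passwords must reach the admins out of band. This file is a secret:
# move it into a password vault and delete it from disk once handed over.
$rotation | Export-Csv -Path .\admin-rotation.csv -NoTypeInformation

# krbtgt: the KDC ignores the supplied value and generates its own random password,
# but a reset is still needed to invalidate tickets signed with the old secret.
Set-ADAccountPassword -Identity krbtgt -Reset `
    -NewPassword (ConvertTo-SecureString (New-RandomPassword 32) -AsPlainText -Force)
```

Run the krbtgt reset a second time only after the maximum ticket lifetime has passed (10 hours by default) and replication has completed, since the domain keeps the previous krbtgt password valid for one cycle; resetting twice in quick succession breaks valid tickets and replication. Service accounts, local administrator passwords on PCs and servers, and the firewall and VPN administrator credentials need rotating as well, as they are not covered by the group membership above.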