Overview
Company unaware of potential impact from Kaseya ransomware
A major restaurant company grew rapidly via multiple acquisitions. Although it had completed a major initiative to consolidate and standardize its infrastructure, not all its servers were in compliance. A handful of legacy systems were running legacy software including an unknown Kaseya VSA instance. By the time the CISO was alerted of the potential incident, the Mandiant team had already quarantined the at-risk servers.
- Saved Avoided potential revenue losses in the millions
- Stopped Ransomware attack blocked before server encryption
- Fast Rapid alerts to internal management
Challenge
Cyber risks of decentralized, heterogeneous infrastructures
The Corporate Information Security Officer (CISO) of a major global restaurant company paid close attention on the eve of the U.S. Independence Day weekend, one of the company’s top weekends for revenue generation. Newly reported ransomware exploited a vulnerability in Kaseya VSA, a remote monitoring and management tool. There were no documented deployments of Kaseya on any of the restaurant company’s servers. However, the restaurant company was in the middle of a major initiative to consolidate and standardize its infrastructure after several acquisitions. Systems at some subsidiaries were running Kaseya.
Solution
Proactive problem solving
Mandiant alerted the CISO to the potential threat. However, by the time he received the alert, the Mandiant team had already quarantined the at-risk servers.
“The value of Mandiant Managed Defense is not just monitoring. It’s containment. They don’t just watch the logs; they take action if that’s what’s needed to protect my environment from attack. They will remove emails and quarantine servers if that is what is required.”
—CISO, global restaurant company
Results
Mandiant experts add powerful layer to security protections
Partnering with Mandiant is a critical element of the company’s security strategy. The company uses Mandiant Managed Defense, Mandiant Expertise on Demand, and Mandiant Incident Response Retainer as part of a broader IT standardization project.
“Mandiant does more than monitor logs,” the CISO said. “If needed, Mandiant takes action, whether that’s deleting malware from mailboxes or shutting down servers. We never lose time because someone on my team didn’t see an alert or answer a phone call.”
Had the ransomware attack successfully encrypted the restaurant company’s vulnerable servers, the impact would have been enormous. Restaurants—some of which were running targeted holiday promotions—would have had to shut down. The company would have lost millions of dollars in sales and potentially had a public relations incident to recover from.
“Our partnership with Mandiant paid off,” the CISO said. “Thanks to Mandiant, I can sleep at night.”
“I can sleep at night, knowing that Mandiant is there around the clock, monitoring my infrastructure and taking action immediately if there’s an issue.”
—CISO, global restaurant company
More About Company
Global restaurant company
A major, global restaurant company, this U.S.-based corporation serves millions of consumers annually with a variety of fast-food and sit-down dining experiences. The organization has over 30,000 locations and a global presence in over 50 countries.