Customer Story

Modern Ransomware and Incident Response Solutions

End-to-end response to a government agency’s ransomware attack

Mandiant offers effective security solutions for proliferating ransomware attacks

Ransomware is a prevalent cyber threat, affecting clients across every industry. Mandiant partners with international, federal, state, and local governments to deliver holistic cyber security capabilities through solution-based models. The approaches and practices used for government sectors are regularly applied to clients in other industries as well.

  • One day for Mandiant experts to arrive on-site for triage
  • Two-week engagement needed for the threat to be neutralized
  • 24x7 remote security operation center deployed for attack and threat monitoring

Challenge

Ransomware in government sectors requires investigation and remediation

Government agencies and their associated groups are increasingly targeted by adversaries seeking payment to release critical resources such as 911 recordings, court documents, and healthcare administration files.

Experts agree that prevention is the best mode of defense, and many organizations make every attempt to prevent a ransomware event. But budget, misaligned decision-making, and other factors often inhibit proper preventative action. The goal of adversaries is simple: gain control, incite panic, and receive payment. To effectively defend against ransomware, it is critical to consider threat actor motivations and the connections between attack vectors.

Mandiant consultants were contacted by the Chief Information Security Officer (CISO) of a North American city to investigate and remediate a ransomware attack. The adversary gained access and locked down the city’s internal network, creating concerns about a potential shutdown of the city’s entire infrastructure.
Solution

Threat identified, neutralized by Mandiant within two weeks of monitoring

Mandiant experts were deployed to execute a comprehensive security plan to eradicate the threat, apply proper remediation, and ultimately improve the city’s end-to-end security posture.

A security team's ability to properly assess this threat vector, stop its spread, remove the attacker's artifacts, and maintain business continuity is paramount to mitigating ransomware.

Using the technology stack already in the client's environment, Mandiant consultants initiated two preliminary remote actions to assess the ransomware event before arriving on-site. The consultants correlated their findings to aggregate and cross-reference malicious cyber data, and were then able to make new connections between the attacker and the agency's specific environment. Over a two-week engagement, the threat was identified and neutralized.

Within 30 days of deploying Mandiant Managed Defense, consultants blocked a new ransomware variant that bypassed the city’s existing email security tool. The city continues to use Mandiant Managed Defense as its primary detection and response service for cyber defense.

The consultants also delivered a Mandiant Ransomware Defense Assessment to evaluate the client’s environment for vulnerabilities exploited by modern ransomware attacks. They assessed the impact a ransomware attack could have on the city’s internal network, discovered what data could be jeopardized or lost, and tested the effectiveness of its security controls to detect and respond to a targeted ransomware attack.
Results

Back to business as usual with networks rebuilt, threats mitigated

Mandiant Incident Response experts helped rebuild the city's infrastructure, detail security gaps, mature the city's security posture, and create an effective incident response plan. Mandiant consultants shepherded the city through rebuilding its networks so it could return to business as usual as quickly as possible.

The consultants collaborated with security leadership on overall security efforts and tested the city's new incident response plan. The strategic and tactical recommendations significantly reduced the impact and scope that a future attack could have on the city.

Overall, Mandiant identified the need for further mitigations, recommending:

  • Network segmentation for better control of traffic flow across the network
  • Tighter access controls to limit improper access to critical systems within the network
  • Regular evaluation and testing to ensure network backups are working as intended
  • Implementation of multi-factor authentication

More About Company

North American city improves security posture following attack

A North American city's government suffered harmful consequences from a targeted ransomware attack. An adversary gained access and locked down the city's internal network, putting the city's entire infrastructure at risk—including its 911 dispatch center and property tax administration agency. The city turned to Mandiant to bolster its security capabilities for the future.