CE Niehoff & Co., a manufacturer of generators for the marine, construction and special-purpose machinery industries, has fallen victim to a targeted attack with the Ryuk ransomware. The company's CIO, Calvin Larue, tells InformationWeek how the company's small IT staff managed to cope with the aftermath of the cyberattack and resume operations without succumbing to extortion threats.
It took the small IT team at CE Niehoff several weeks to deal with the aftermath of the Ryuk attack. The malware entered the company's network when an employee clicked on a malicious link in a phishing email. During the initial phase of the attack (it was later determined that the Ryuk attack was preceded by the Trickbot bot tool), it was discovered that the malware was infecting endpoints and servers without being caught by the detection system, stealing industrial secrets and credentials from them.
After analyzing the details of the network intrusion, Larue concluded that the bot injection was part of a larger plan to infect the company's network, and that the problem had taken a more serious turn. He reached this conclusion when he logged into the company's network from home and saw the attacker launch a PowerShell session on one of the company's servers and then begin copying credentials from the servers, disabling security measures along the way: "It was like slow motion. I knew our network had been infiltrated and that it was serious. We had lost the keys to our network."
How to Recover from a Devastating Ransomware Attack