Shortly before the Christmas holiday, cybercriminals hit a major mortgage company with a ransomware attack, completely disabling access to critical systems and data, including on-premises email servers. Acting quickly, West Monroe:
days elapsed to deliver the equivalent of 25 weeks worth of effort to restore critical services
of the client’s 765 workstations rebuilt across the country
in losses avoided due to project efforts
We are beyond grateful for the response received from West Monroe and the dedication of so many people to helping us navigate a potentially devastating situation. West Monroe demonstrated extraordinary ability to troubleshoot, problem solve, and rapidly mobilize the necessary skills and resources to both triage the cybersecurity incident and rebuild our environment. Our sincere thanks to everyone who worked around the clock and sacrificed the start to their holiday season to pitch in.
Attackers rendered the company’s entire on-premises environment unavailable, disrupting all operations not running on cloud-based services. But West Monroe’s investigation into the attack revealed a deeper issue: the attackers had infiltrated the network via an unsecured server and obtained credentials for an administrator account.
The attackers sent encrypted files and a ransom note requesting bitcoin payment in exchange for releasing the files, which could have cost the company up to $90,000.
Though the amount was trivial compared to the cost of rebuilding the entire network, the lack of a centralized tracking system meant the company could not determine exactly what and how much information had been lost. Nor could the company determine the attackers’ activity prior to the attack. This meant it couldn’t guarantee the future safety of its current IT system.
Ultimately, the company decided not to pay the ransom and instead tasked West Monroe with rebuilding the entire IT environment.
We quickly assembled a multidisciplinary team of cybersecurity, infrastructure, desktop application management, cloud services, advanced analytics, and business continuity experts.
During a two-week period over the holidays, our team worked with leadership to lock down and stabilize the network and restore basic operations to get the company up and running.
Less than three days after the ransom note, West Monroe had identified the source of the attack, isolated the systems, and started planning the recovery process, which involved:
Next, we worked with company leadership to determine which data to scrub, documents to recover, and servers and workstations to restore first.
Rebuilding involved standardizing the system on Windows 10 and Microsoft Office 365 with enhanced security configurations, and automating software deployment. Over 12 hours, the team built two automation platforms; once they were ready, we backed up user data, re-imaged and re-deployed nearly 450 high-priority workstations at two large corporate offices and restored the company’s critical business operations.
Our quick recovery efforts saved the company millions of dollars in potential losses.
In just under one week, the West Monroe team delivered the equivalent of 25 weeks’ effort to restore critical services and limit the fallout. In that same timeframe, we deployed 80% of the company’s 765 workstations across the country.
Not only did we restore systems and infrastructure already in place, but we put the company ahead. When rebuilding the system, we installed the newest technology and implemented upgrades that lowered future IT costs. Having a single, standardized system also strengthened the company against future attacks.