At-Bay Helps Ransomware Victim Resume Operations in 4 Days and Avoid Ransom Payment
At-Bay Response & Recovery contains ransomware with swift response, vulnerability reporting, and early threat actor discovery
The Target
- Industry: Manufacturing
- Revenue: $25M – $100M
- Size: 50 – 100 Employees
- Attack Type: Akira Ransomware
The Attack
The manufacturing company had robust security controls, including MFA and a leading EDR solution, SentinelOne, but the EDR was managed by their MSP.
The company experienced a cybersecurity incident in the middle of the night, when their MSP was not monitoring. Multiple servers were rendered unavailable, accompanied by a ransom note from the ransomware group Akira.
At-Bay’s Response
At-Bay’s Response & Recovery team was engaged to lead containment and recovery efforts with immediate OSINT gathering and perimeter vulnerability assessment. Due to the suspicion that the existing EDR may have been tampered with by the threat actor, At-Bay uninstalled the client’s EDR (managed by the MSP) and deployed At-Bay’s MDR solution to provide live telemetry and enhanced visibility for the duration of the investigation.
Further investigation revealed that the threat actor had compromised the MSP’s account and disabled the client’s endpoint protection. By the next day, At-Bay identified a ransomware encryptor along with other reconnaissance tools used by the threat actor, which were contained and blocked in real time, preventing further encryption activity and minimizing additional damage. Critical systems were restored and the client was partially operational within 4 days.
In parallel, At-Bay led a 2-week negotiation process with the threat actor to intentionally allow sufficient time to ensure the viability of the restoration process. At-Bay Response & Recovery successfully completed full restoration and rebuilt the client’s network within two weeks, avoiding a ransom payment altogether.
The Result
- 4 Days: Time from discovery of the attack until restoration of critical operations
- 2 Weeks: Time from discovery of the attack until the firm was back to business as usual
- $390K Saved: The successful restoration helped the client avoid paying a $390,000 ransom
At-Bay Response & Recovery empowers insureds with end-to-end incident response, combining speed, specialized expertise and practical guidance to reduce business disruption. Our approach ensures insureds aren’t left navigating cyber incidents alone. They have immediate access to incident responders, ransom negotiation support, and recovery expertise, resulting in a coordinated, seamless and fast incident response.