SITUATION
FTI Cybersecurity was hired to assist a major aerospace manufacturer with a ransomware attack that brought operations to a halt. Eight of the company’s locations were impacted, requiring geographically disparate IT teams to work in concert to restore business operations. Additionally, the client had legacy hardware connected to the network, which posed remediation risks.
OUR ROLE
Our team was onsite at impacted locations within 24 hours. Initial response focused on identifying the malware, performing forensic review, and liaising with law enforcement. Given that the client handled Controlled Unclassified Information, we determined that information was accessed. We also identified the threat posed by legacy equipment and worked to remove these devices. FTI also identified manufacturing machines with vulnerabilities that were connected to the corporate network. We created stopgap plans to isolate these machines and avoid reinfection risk.
OUR IMPACT
Given the complexity of the existing infrastructure, reinfection would have been a virtual certainty had the legacy workstations not been isolated. We worked with the company to ensure consistency in their cybersecurity posture across affiliates and their locations. Our work significantly reduced overall downtime.