FOGO Solutions’ primary focus is to deliver highly secure and efficient IT solutions that empower our clients to safeguard their systems against cyberattacks. We are dedicated to providing the tools and expertise needed to protect our clients’ valuable data and keep their business operations running smoothly.
FOGO Approach: Incident Response

1. Assess the severity of the attack
Upon receiving the alert about the incident, we dispatched a technician to the customer's location to provide an immediate, in-person response. This rapid on-site deployment allowed our team to begin researching and investigating the situation without delay. The technician assessed the extent of the damage and identified the steps required to restore the customer's operations. This hands-on approach ensured that the customer received timely assistance and allowed us to expedite the recovery process.

2. Course of Action
Identifying
Fogo's technicians identified the ransomware used in the attack as Cryptolocker, which had encrypted the data on the customer's devices. Fortunately, no evidence indicated that data had been copied or extracted from the customer's environment during the attack. Our experts examined all systems for signs of infection or encryption and analyzed the attack vectors to determine the most suitable course of action for the customer's environment in the state it was in at the time of the attack.
Remediating
After recognizing that data restoration from a secure backup was not feasible, the only viable option left was to pay the ransom to potentially regain access to the data. Once the decryption keys were obtained, the immediate focus shifted to securing and sanitizing the environment. Key steps included disabling the synchronization between the on-premises server and the cloud server, thoroughly cleaning all devices, installing a robust firewall for enhanced security, deploying an endpoint security/antivirus solution across all devices, implementing patch management protocols, and integrating a Remote Monitoring and Management (RMM) system. Additionally, multiple copies of the decrypted data were created as it became available, restoring functionality to the data and databases.
Communicating
Throughout the process, Fogo technicians maintained regular and consistent communication with the customer, ensuring they were informed about the attack's status, timing, resolution, and subsequent remediation steps. Fogo techs and the customer were in contact multiple times a day to exchange updates, address any changes that occurred, and keep the customer involved in the progress of the situation. In addition to constant customer communication, Fogo techs notified an FBI cybersecurity contact as well as local authorities and insurance providers.

3. Results
The customer's operations were completely restored within a week of the attack; the decryption of the data within the environment caused the main delay. It took an additional 2-3 weeks for them to be fully back up and running, which included the effort needed to catch up on work and update all affected parties. Throughout this timeframe, comprehensive security measures and robust disaster recovery solutions were implemented to prevent future incidents.
The expenses incurred in paying the ransom, along with the costs of lost wages and lost business functionality, were carefully assessed. The cost of migrating the environment to enhanced security solutions was also considered.
100% restoration of data and system functionality was achieved.
Business continuity was increased with the new solutions that Fogo put in place in the customer’s environment.
The customer was extremely pleased with the response time and resolution time that Fogo achieved during the attack and remediation.
Operations Manager & Senior IT Consultant Marc Thompson on the Importance of Regular Security Audits:
“In today's digitally connected world, we are constantly under attack from malicious actors that are trying to steal information and/or money from us personally and through our businesses, large and small. There are many things that can help protect us from these attacks such as Cybersecurity Training, Security Audits (internal and external), and continued discussions on the importance of following best practice uses in our business and home environments. The threat landscape is continuously changing and keeping this fact on the front of our minds is a great way to help prevent attacks such as ransomware, viruses, business disruptions, and more. Security incidents are a vector that shines a light on more serious issues hidden behind the curtain of everyday business activities and systems.
Security audits help protect our critical data, identify security vulnerabilities, create security policies, and track the effectiveness of the strategies and solutions we implement. Regular audits can help employees stick to the best security practices and can help alert us of new loopholes and vulnerabilities. Regular Cybersecurity Training will help all members of your business perform their jobs following best practice scenarios on a daily basis.”