Case Study 4: Emergency Services
A law firm engaged a vendor to install a business-critical multi-function printer-driver server. The vendor used an inexperienced technician to carry out the work. An account with administrative privileges and a very simple password was created to run the printing service on the server.
The network was compromised via a firewall vulnerability. The newly created administrative account was compromised and used to inject ransomware.
All data on the client servers was encrypted. Client information couldn’t be accessed for 15 days. The firm lost clients because it was unable to process legal work.
How Nettology Helped/Provided Solutions:
Nettology was able to quickly diagnose and troubleshoot the breach, find its source, lock down the firewall, and disable the compromised account and the other rogue accounts that had been created. We were able to restore the client data, but since the client only had a file-level cloud backup in place with a not-so-good vendor, the data recovery took an extremely long time. Servers had to be rebuilt and the applications re-installed because there was no image-level backup.
Nettology worked with the client to institute best practices and procedures for dealing with vendors accessing the network. The firewall was replaced with a Cisco ASA. Nettology also put a Datto Business Continuity solution in place that backs up the entire image of the servers several times a day and sends it to a secure data center, where it is available if there is a disaster-recovery-level event.