A leading heavy engineering and construction company, with 150 employees across the UK and Europe, suffered a ransomware attack that disrupted their operations. Established in the UK 25 years ago, the company is now part of a global group, but, as they grew, they did not keep up to date on their cyber security measures.
In 2023 this lax attitude was exploited by hackers who found weak remote access controls, which led to widespread system failure, resulting in financial and reputational damage.
The attack happened due to an insecure VPN, which allowed the hacker to gain access to the network. Once inside, they scanned for vulnerabilities and exploited poor password hygiene, such as weak and reused passwords, and the lack of Multi-Factor Authentication (MFA).
The attack was well timed, beginning on a Friday evening and going unnoticed over the weekend. When staff returned on Monday morning, they discovered servers were offline and internet access was down. Further investigation revealed ransomware had locked key systems, bringing operations to a standstill.
Xperience’s Cyber Security Team acted quickly to contain the breach and restore business functions. As the hackers had deleted key backups, recovery efforts took five days.
Key actions taken by the Xperience team included:
To enhance future resilience, the client also trialled a Security Operations Centre (SOC) solution for 30 days to improve real-time monitoring and threat detection.
The company’s parent group had to step in to maintain business continuity. With critical systems offline, they had to rely on manual data transfers, which were time-consuming and incomplete.
A business-wide directive was issued to reassess cyber security responsibilities, ensuring clear accountability for IT security.
The cost of the attack went beyond insurance coverage and the parent company brought in external cyber security investigators, leading to major unplanned expenses.
The attack caused supply chain disruptions, delaying global shipments. Additionally, clients, suppliers, and stakeholders demanded assurances about ongoing cyber security improvements.
The absence of an incident response plan and a previous decision not to act on security recommendations left the company exposed. The attack highlighted the critical importance of fundamental cyber security measures. Following Xperience’s involvement, the company now has Multi-Factor Authentication (MFA) across all systems, a secure and monitored remote access solution, and stronger password policies with administrative access segregation to reduce risk.
“This incident was a wake-up call. The company had overlooked basic security measures, making them an easy target. By implementing best practices and strengthening their defences, they are now in a much stronger position to prevent future ransomware attacks.” - Xperience SOC Team.
The ransomware attack forced a company-wide cyber security overhaul, leading to stronger protections, secure access solutions, and ongoing monitoring. With Xperience’s expertise, the company has not only recovered but has also future-proofed its cyber security posture, ensuring greater resilience against future threats.