By Insight Editor / 23 Nov 2021 / Topics: Data center Modern infrastructure
Facts at a glance
Client industry:
Legal services
Size of company:
200 employees with annual revenues of $50 million
Challenge:
A phishing attack introduced ransomware into the client’s network, infecting the entire infrastructure and freezing operations. Approximately 700 devices were impacted and the law firm faced a $1.8 million-dollar ransom.
Solution:
- Emergency threat identification, containment, and remediation
- Negotiation support and data restoration
- Reactive and preventive network and security solutions
Results:
- Fast and effective data and device restoration
- Prevention of financial losses upwards of $1.8 million
- Stronger security posture against future attacks
- Continued support with an ongoing partner relationship
The client is a successful law firm that has provided legal services for individuals, families, and businesses in dozens of practice areas for more than 50 years. As a top-ranked U.S. law firm and provider of financial services, the client employs more than 200 employees and exceeds annual revenues of $50 million.
When a phishing attack introduced ransomware into the client’s network, the result was a total infection of the client’s infrastructure — approximately 700 devices impacted. Nearly every digital asset was encrypted, freezing operations and triggering immediate remediation efforts. Insight had previously supported the client in an unrelated service area; when the client’s prior contracted service providers attempted containment and remediation to no effect, the firm’s managing partners reached out to Insight leadership for emergency cybersecurity support.
As soon as the client contacted Insight, our Incident Response team took action, working through the night to develop foundational security and define a path forward. Within the first 24 hours, 16 team members from Insight Cloud + Data Center Transformation (CDCT) Consulting Services, Security Services, and Network Professional Services, and Insight Connected Workforce across the country had accomplished significant remediation, including:
Within 32 hours, the client had some business functionality restored, with full functionality restored to their environment over the course of a week. Insight teams were able to successfully restore backup data, eliminating the need for the client to purchase the bad actor’s decryption tool. Expert negotiation efforts also saved the client from paying the requested $1.8 million ransom.
Our work with the client not only helped them to avoid the potentially devastating financial and professional results of an unmitigated data breach but also quickly got their operations back on track and with stronger preventive security measures in place. Once regular operations resumed, we began actively working with the client on further remediation efforts to help provide controls for protecting their environment in the event of another potential ransomware event.
The collaboration, professionalism, and ability to execute delivered by the Insight team impressed on the client the benefits of having a capable and committed technology partner. As a result of Insight’s emergency response work, the client made an additional security service investment and has since determined to consolidate IT partners and route as much IT business as possible through Insight to continue taking advantage of the support and expertise we offer.
