After being attacked by ransomware, the services of a French local authority called on Advens to control the attack, limit its impact, recover data loss, and protect them from any future attacks.\u00a0<\/p>\n\n\n\n
It\u2019s Thursday, January 21, 2021. All computers are down and the telephone network is severely disrupted. The signs of a computer hack are evident. Time is running out for the county council of the French Department of Vienne: little by little, a CryptoLocker malware has encrypted the authority’s various files! With corrupt backups, HR systems affected, and road management systems infected, ANSSI is called to the rescue.\u00a0<\/p>\n\n\n\n
\u201cI would like to emphasise the responsiveness of the Advens teams. I was able to contact the teams in a few hours. After an initial video call during the weekend, the CERT Advens teams arrived on-site on Monday. It all got underway very quickly and smoothly.\u201d <\/p>\n <\/blockquote>\n The local authority needed quick and effective assistance to deal with this attack, to control it and then to<\/strong> rebuild a sound information system<\/strong> so they could resume their work.\u00a0<\/p>\n\n\n\n Systems compromised by ransomware require a high level of responsiveness from incident response specialists. The three strengths of Advens’ support, according to Luis Manuel Da Silva, Director of Digital Transition for the French Department of Vienne?\u00a0<\/p>\n\n\n\n \u201cA lot of work has been done, both face-to-face and remotely. Even when they weren’t on site, there was always a communication channel through which you could talk to the experts and get quick answers.\u201d <\/p>\n <\/blockquote>\n Does more than technical operations to contain the virus infection and repair the information system<\/span><\/span>\u00a0<\/span><\/p>\n\n <\/div>\n <\/div>\n <\/div>\n Brings reassurance to teams in crisis<\/span><\/span>\u00a0<\/span><\/p>\n\n <\/div>\n <\/div>\n <\/div>\n Provides the opportunity to rebuild on healthier and more solid foundations<\/span><\/span>\u00a0<\/span><\/p>\n\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n\n\n Following the intervention of the Advens CERT, the departmental council was able to rebuild its systems and start again on a healthier basis.<\/p>\n\n\n\n \u201cQuite paradoxically, I have fond memories of this time of high adrenaline.\u201d <\/p>\n <\/blockquote>\n Advens first-responders bring a lot of reassurance and control, and thorough knowledge of what actions to take in order to get back on track in the most secure way possible, all within reasonable deadlines that are universally agreed on.\u201d<\/p>\n\n\n\n <\/p>\n\n\n\n After extinguishing the fire and recovering the systems and data, the most important thing is to document the attack and its operational response. With an assessment, formal feedback, and short and medium-term action plans, the local authority is able to project itself towards an even more secure situation<\/strong> than that left by the CERT at the end of the mission.\u00a0<\/p>\n\n\n\n After being attacked by ransomware, the services of a French local authority called on Advens to control the attack, limit its impact, recover data loss, and protect them from any future attacks.\u00a0 It\u2019s Thursday, January 21, 2021. All computers are down and the telephone network is severely disrupted. The signs of a computer hack are […]<\/p>\n","protected":false},"featured_media":2569,"template":"","taxo_secteur":[39],"taxo_expertise":[70],"class_list":["post-3378","cas-client","type-cas-client","status-publish","has-post-thumbnail","hentry","taxo_secteur-public-services","taxo_expertise-incident-response"],"acf":[],"yoast_head":"\n
Advens then intervenes via videoconference, during the weekend, and two experts come on-site to manage the cyberattack.\u00a0<\/p>\n\n\n\n\n
Ransomware attack: challenges and issues <\/h2>\n\n\n\n
CryptoLocker malware is ransomware, a type of virus that mainly infects the computer systems of local authorities and ministries, but also private companies. To stop the encryption and return the data, hackers demand a ransom.\u00a0<\/p>\n\n\n\nOur teams’ intervention<\/h2>\n\n\n\n
\n
The Advens advantage <\/h3>\n <\/div>\n <\/div>\n\n \n
<\/h4>\n
<\/h4>\n
<\/h4>\n
After the attack and intervention: the results <\/h2>\n\n\n\n
Beyond the technical aspects, the support in this kind of intervention has a very important human dimension<\/strong>. This kind of ransomware attack paralyses a whole community and all the services that depend on it. The teams\u2019 stress level is therefore quite substantial. It is the role of our experts to support and reassure them, both professionally and empathetically.<\/p>\n\n\n\n\n
Ransomware attack: how to avoid it next time? <\/h2>\n\n\n\n
This is where Advens consultants and experts bring real added value. By documenting their feedback, they make it possible to understand the attack, highlight vulnerabilities and analyse the quality of the response provided.\u00a0<\/p>\n\n\n\n
And if another crisis occurs despite all efforts,it will be more manageable and the attack will have less impact.<\/strong>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"