Earlier this year, analysts in the AT&T Cybersecurity Managed Threat Detection and Response (MTDR) security operations center (SOC) were alerted to a potential ransomware attack on a large municipal customer. The attack, which was subsequently found to have been carried out by members of the Royal ransomware group, affected several departments and temporarily disrupted critical communications and IT systems.
During the incident, AT&T analysts served as critical first responders, promptly investigating alarms in the USM Anywhere platform and quickly communicating the issue to the customer. They also provided extensive after-hours support at the height of the attack: as the customer shared updates on impacted servers and services, the analysts gave guidance on containment and remediation. They shared all observed indicators of compromise (IOCs) with the customer, some of which included IP addresses and domains that could be blocked quickly by the AT&T Managed Firewall team because the customer was also using AT&T's managed firewall services.
Just 24 hours after initial communications, analysts had compiled and delivered to the customer a detailed report on the incident findings. The report included recommendations on how to help protect against future ransomware attacks as well as suggested remediation actions the customer should take in the event that legal, compliance, or deeper post-incident forensic review is needed.
Read our case study to learn more about how our analysts helped the customer accelerate their time to respond and contain the damage from the attack, and learn how the AT&T Alien Labs threat intelligence team has used the findings from this incident to help secure all AT&T Cybersecurity managed detection and response customers!