After being attacked by ransomware, the services of a French local authority called on Advens to control the attack, limit its impact, recover lost data, and protect them from any future attacks.
It’s Thursday, January 21, 2021. All computers are down and the telephone network is severely disrupted. The signs of a computer hack are evident. Time is running out for the county council of the French Department of Vienne: little by little, a CryptoLocker malware has encrypted the authority’s various files! With corrupt backups, HR systems affected, and road management systems infected, ANSSI is called to the rescue.
Advens then intervenes via videoconference, during the weekend, and two experts come on-site to manage the cyberattack.
“I would like to emphasise the responsiveness of the Advens teams. I was able to contact the teams in a few hours. After an initial video call during the weekend, the CERT Advens teams arrived on-site on Monday. It all got underway very quickly and smoothly.”
Luis Manuel Da Silva • Director of Digital Transition of the French Department of Vienne
Ransomware attack: challenges and issues
The local authority needed quick and effective assistance to deal with this attack, to control it and then to rebuild a sound information system so they could resume their work.
CryptoLocker malware is ransomware, a type of virus that mainly infects the computer systems of local authorities and ministries, but also private companies. To stop the encryption and return the data, hackers demand a ransom.
Our teams’ intervention
Systems compromised by ransomware require a high level of responsiveness from incident response specialists. The three strengths of Advens’ support, according to Luis Manuel Da Silva, Director of Digital Transition for the French Department of Vienne?
- Quality of management, assistance and incident response operations
- Meticulous, rigorous work
- Team availability
“A lot of work has been done, both face-to-face and remotely. Even when they weren’t on site, there was always a communication channel through which you could talk to the experts and get quick answers.”
Luis Manuel Da Silva • Director of Digital Transition for the French Department of Vienne
The Advens advantage
- Does more than technical operations to contain the virus infection and repair the information system
- Brings reassurance to teams in crisis
- Provides the opportunity to rebuild on healthier and more solid foundations
After the attack and intervention: the results
Following the intervention of the Advens CERT, the departmental council was able to rebuild its systems and start again on a healthier basis.
Beyond the technical aspects, the support in this kind of intervention has a very important human dimension. This kind of ransomware attack paralyses a whole community and all the services that depend on it. The teams’ stress level is therefore quite substantial. It is the role of our experts to support and reassure them, both professionally and empathetically.
“Quite paradoxically, I have fond memories of this time of high adrenaline.”
Luis Manuel Da Silva • Director of Digital Transition for the French Department of Vienne
“Advens first-responders bring a lot of reassurance and control, and thorough knowledge of what actions to take in order to get back on track in the most secure way possible, all within reasonable deadlines that are universally agreed on.”
Ransomware attack: how to avoid it next time?
After extinguishing the fire and recovering the systems and data, the most important thing is to document the attack and its operational response. With an assessment, formal feedback, and short and medium-term action plans, the local authority is able to project itself towards an even more secure situation than that left by the CERT at the end of the mission.
This is where Advens consultants and experts bring real added value. By documenting their feedback, they make it possible to understand the attack, highlight vulnerabilities and analyse the quality of the response provided.
And if another crisis occurs despite all efforts, it will be more manageable and the attack will have less impact.