In 2022, a Swiss factory became the target of an organized ransomware attack: Die Swiss IT Security was on-site and implemented its 4-Phase-Recovery system:

• Phase I – Clean Environment: Creating a clean virtual environment using free and available hardware without disturbing the existing investigation and forensics.
• Phase II – Backup & Recovery: Veeam’s patented backup and solution helped restore critical VMs, apps, services, NAS, and local storage. Other areas could be restored using Commvault solutions focusing on disaster and file recovery.
• Phase III – Reinstating Active Directory: Multiple AD services, including AD Domain, AD certificate, AD network policy and AD Connect Sync had to be restored from the ground up.
• Phase IV – Security Hardening: Extended Detection & Response techniques (XDR) had to be implemented using stricter rules and fine-grained monitoring. We’ve used AI-supported Cortex XDR solutions to detect vulnerable devices and monitor incidents using an easy-to-use dashboard:

Check out our Success Story to see how Swiss IT Security AG prevented the spread to other sites and helped resume operations in a few days