
Ransomware Attack & Recovery with Sangfor Indonesia

10/12/2020

Customer Background:

Sangfor was contacted by one of Jakarta and West Java, Indonesia’s most respected motor vehicle dealers, established in 2001, and employing over 500 people.


Incident Overview:

On July 30th, 2020, company administrators discovered that 6 application servers had been encrypted. The attack was confirmed to be a variant of Crysis ransomware, identified from the ransom information left on the servers and the suffix appended to the encrypted files.

Experts searched for files carrying the encryption suffix using the Everything file-search tool and sorted the results by time, confirming that the earliest encryption started at 5:53 pm on July 23rd, 2020.

The investigation log showed a Remote Desktop Protocol (RDP) login at 5:41:43 pm on July 23, 2020 using an administrator account, and an RDP logout record at 5:31:24 pm on July 23, 2020. The security log contained a large number of login failure records. From this it can be inferred that the attacker gained access to 10.100.X.XXX from an external network by brute-forcing RDP credentials.


Investigation Conclusions:

  1. The ransomware family is Crysis, and no public decryption tool was available at that time.
  2. The attackers first logged into 10.100.x.xxx by brute-force cracking from an external network, then used that host as a jumping-off point to log into other hosts on the internal network and manually run the ransomware.
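The brute-force-then-login pattern the investigators found in the security log, as an added detection example that is not part of the original case study. It scans a constructed sample of Windows Security log records: event IDs 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RDP) are standard Windows values, while the simplified line format, the sample accounts and IP addresses, and the threshold and window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security log records, simplified to
# "date time event_id logon_type account source_ip". Event 4625 is a failed
# logon, 4624 a successful one; logon type 10 is RemoteInteractive (RDP).
# 198.51.100.23 is a constructed documentation address, not the case's real IP.
SAMPLE_EVENTS = [
    "2020-07-23 09:12:10 4624 10 itops 192.168.10.5",
    "2020-07-23 17:39:01 4625 10 administrator 198.51.100.23",
    "2020-07-23 17:39:03 4625 10 administrator 198.51.100.23",
    "2020-07-23 17:39:06 4625 10 administrator 198.51.100.23",
    "2020-07-23 17:40:12 4625 10 administrator 198.51.100.23",
    "2020-07-23 17:40:58 4625 10 administrator 198.51.100.23",
    "2020-07-23 17:41:20 4625 10 administrator 198.51.100.23",
    "2020-07-23 17:41:43 4624 10 administrator 198.51.100.23",
    "2020-07-23 18:05:00 4624 3 backupsvc 192.168.10.7",
]

def parse_event(line):
    """Split one simplified log line into a dict with a datetime timestamp."""
    date, time, event_id, logon_type, account, src_ip = line.split()
    return {
        "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
        "event_id": int(event_id),
        "logon_type": int(logon_type),
        "account": account,
        "src_ip": src_ip,
    }

def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Alert when a source IP accumulates `threshold` RDP logon failures inside
    `window` and then logs on successfully: the pattern seen in this incident."""
    events = sorted((parse_event(ln) for ln in lines), key=lambda e: e["ts"])
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    alerts = []
    for ev in events:
        if ev["logon_type"] != 10:  # only RDP logons are of interest here
            continue
        ip = ev["src_ip"]
        # Drop failures that have fallen out of the sliding window.
        failures[ip] = [t for t in failures[ip] if ev["ts"] - t <= window]
        if ev["event_id"] == 4625:
            failures[ip].append(ev["ts"])
        elif ev["event_id"] == 4624 and len(failures[ip]) >= threshold:
            alerts.append({"src_ip": ip, "account": ev["account"],
                           "failures": len(failures[ip]), "success_at": ev["ts"]})
            failures[ip] = []  # reset so one burst yields one alert
    return alerts
```

Feeding real 4625/4624 events into `parse_event` only requires mapping the event's source address and logon type fields onto the same six columns.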


Customer Requirements:

The customer began a search for a vendor who could provide forensic investigation, ransomware removal and enhanced protection.


Sangfor's Solution:

Sangfor suggested a combination of Sangfor NGAF, HCI and Endpoint Secure to harden network security and coordinate their incident response capabilities.

Ensure that network security devices are properly deployed and installed to protect against both internal and external threats.

  1. NGAF protects the network perimeter from external threats and attacks
  2. NGAF and SSL-VPN restrict unauthorized users from accessing the internal network
  3. Endpoint Secure protects endpoints from both known and unknown malware and viruses
  4. NGAF URL and application filtering ensures that only authorized URLs and applications can be accessed by authorized employees

Ensure continuous monitoring of any possible attacks and threats, early detection and proactive response.

  1. Platform X and Cyber Command provide real time monitoring for attack attempts, security incidents and events.
  2. Cyber Command vulnerability and security assessments allow managed security service providers (MSSP) to assess organizational assets for vulnerabilities, threats and risks.
  3. NGAF, Endpoint Secure and Cyber Command product integration provides active and automatic response when an attack attempt is discovered.
  4. Sangfor’s incident management prepares standard operation procedures and incident management plans according to different breach scenarios.

Ensure quick business recovery by using the private cloud platform, Hyper Converged Infrastructure (HCI).


Sangfor General Improvement Recommendations:

  1. Use VLAN segregation to ensure that all servers are separated based on the role and functionality of the servers
  2. Perform server hardening before migrating to the production environment
  3. Perform vulnerability assessments and penetration tests to identify possible threats and hidden risks on a regular basis
  4. Perform server and network security product configuration reviews to ensure that all settings and configurations are secure
  5. Ensure that the server, firmware and software are updated to the latest version on a regular basis
  6. Ensure high availability and redundancy on servers that support critical business operation
  7. Make sure business data is backed-up on a regular basis
  8. Ensure no unnecessary ports are listening externally and exposed to the Internet

Talk to Sangfor now for quick review and assessment on your protection mechanism against ransomware attack.
