Earlier this year, analysts in the AT&T Cybersecurity Managed Threat Detection and Response (MTDR) security operations center (SOC) were alerted to a potential ransomware attack on a large municipal customer. The attack, which was subsequently found to have been carried out by members of the Royal ransomware group, affected a number of departments and briefly disrupted critical communications and IT systems.
During the incident, AT&T analysts served as critical first responders, promptly investigating alarms in the USM Anywhere platform and quickly communicating the issue to the customer. They also provided extensive after-hours support at the height of the attack: as the customer shared updates on impacted servers and services, the analysts gave guidance on containment and remediation. They shared all observed indicators of compromise (IOCs) with the customer, some of which included IP addresses and domains that could be blocked quickly by the AT&T Managed Firewall team because the customer was also using AT&T’s managed firewall services.
Just 24 hours after initial communications, analysts had compiled and delivered to the customer a detailed report on the incident findings. The report included recommendations on how to help protect against future ransomware attacks as well as recommended remediation actions the customer should take in the event that legal, compliance, or deeper post-incident forensic review is required.
Read our case study to learn more about how our analysts helped the customer accelerate their time to respond and contain the damage from the attack, and learn how the AT&T Alien Labs threat intelligence team has used the findings from this incident to help secure all AT&T Cybersecurity managed detection and response customers!
