Addtech - saved after a massive ransomware attack
Ransomware attacks against companies are increasingly more common, and many don’t even know they’re affected. Suddenly being locked out of critical IT systems can be devastating for any organization. When the tech group Addtech, which consists of subsidiaries active within niche technology markets - such as process industries, machine manufacturing and energy - were victims of a ransomware attack, they realized that every second counted. In order to get the company on track as soon as possible they hired Truesec, who were able to restore the group’s IT system and implement new safety measures to prevent future attacks.
The Challenge – victims of a ransomware attack
The Swedish publicly listed technology trading group Addtech consists of approximately 130 independent subsidiaries that sell different high-tech products and solutions to large companies within for example industry, infrastructure, and energy worldwide. Every day, a large quantity of purchase orders, supplier processes, inventory transactions and sales orders within and between the subsidiaries – which are spread throughout 20 different countries – are handled. That the IT systems work flawlessly and are protected from breaches is therefore crucial in order to keep the billion-dollar organization’s operations running.
When Addtech were victims of a massive ransomware attack in October 2019, nearly all activity was halted. 80 of the 130 subsidiaries were affected, which meant that almost 1700 of the 2900 employees of the group were impacted.
Nobody knew how extensive the attack was, or how the attackers managed to get access to the system. For a company in this situation, every second is precious. Addtech realized quickly that they had to get external help. After recommendation, they turned to the IT security experts at Truesec for help.
The Solution – act fast and contact security experts
When solving a problem such as this, the reaction time has a crucial effect on the recovery time. When Truesec arrived with their Truesec Cyber Security Incident Response Team (CSIRT), Addtech’s own IT team stood ready to offer additional local knowledge and application-specific expertise. Thanks to the teams working alongside each other under Truesec’s guidance, the initial job went smoothly. Only 6 hours after Truesec’s arrival at Addtech, a new data center with physical servers had been set up and the rebuilding of the environment had begun. Simultaneously there was an effort to save data and information as well as securing traces of the attackers.
In order to ensure that the threat could be eliminated without risk of further attacks, a forensic investigation was commenced.
- All of the attacker’s activities could be mapped and backdoors to the locked systems were eliminated.
- For Addtech, submitting to the attackers’ ransom demands was never under consideration. The crime was reported to the police, and databases and files with encrypted information were able to be saved anyway.
During the course of the job, Addtech’s management got regular updates regarding the measures and how the work was progressing to provide facts and information to the subsidiaries, who in turn worked around the clock to handle their customers’ deliveries despite the attack. The external communication for a listed company is especially important and the updates were also used to provide, for example, media and investors the correct information.
The result – Addtech’s systems back in production without paying ransom
After a couple weeks of nonstop intense work, parts of the business started to regain functioning systems. After roughly 2 months, each of Addtech’s systems were back in production.
During an incident like this, you truly get to know each other and the IT environment well. Because of this, Truesec is now acting as Addtech’s strategic security partner, and makes sure that the company’s IT structure is well equipped to withstand future attacks. Truesec also watches over Addtech’s environment all day, year-round, in order to prevent future data breaches.
“The help we got from Truesec was utterly fantastic. It was as if we stood there bleeding out from an open wound, and then we saw the ambulance coming around the corner. Truesec’s expertise, experience and security, brought a sense of calm in a time when we were all under extreme pressure. Their enormous contribution shortened our downtime and suffering immensely. We had underestimated the threat to us as a company, but thanks to Truesec we are now working more actively with our IT security.
In the beginning, both the users and us in IT were unaccustomed to all the new routines, but now it’s smooth sailing. Truesec implemented both technical solutions and gave us tips about new processes and routines within many vulnerable areas. Cyber security is an ongoing war, and more companies have to start working in whole new ways like we did in order not to be affected.”
– Jesper Särnholm, Head of IT at Addtech.
For more information
Incident Respons Lead