Cyber Attack Recovery

Company: Confidential
Industry: Construction
Engagement: Support
Working Together: Since November 2012
Customer Activity: Creating job records digitally

A GB3 monthly support customer contacted the GB3 help desk on 22 February 2017 as they were unable to open any word or excel files, they received an error message saying the files were corrupt.

Recognising this as a virus, or cyber-attack, the first line support team immediately triggered a ‘P1’ ticket process, which is what we call a Multi-user issue with no work around, the most urgent type of ticket that can be raised. This kind of issue has seen organisations in the UK suffer days and weeks of outages, including NHS Trusts.

How GB3 Support worked to handle the virus:
* Communication to the customer regarding a potential virus, by telephone and text message
* All users were removed from the network and an antivirus was run on all machines and servers
* A threat called a ‘Trojan Horse Generic R’ was discovered
* The threat was cleaned and another scan was then run using different antivirus software to ensure it had been completely cleaned
* The planned back up was disabled so there was no chance of backing up corrupt files, and the file data was restored.

GB3 Impact
1. Communicated Well: GB3 ensured the customer knew immediately of the threat and what steps needed to be taken.
2. Took Ownership: GB3 support team, immediately communicated, removed users, ran scans and once cleaned, began to restore the customer’s data.
3. Delivered on details: Whilst support is provided in the contract from 8 am – 5 pm, the team were determined to ensure that the customer would be up and running the following day and worked into the evening to restore the files.
4. Remained Pro-Active: Recommendations have been provided to the customer on ways they can look to improve their IT Security.

Time Spent
The customer call was reported at 11:29 am and within a few hours normal service had been resumed.