


ArcherPoint Helps a Company Quickly Recover from a Serious Ransomware Attack and Leverages Microsoft Azure to Avoid Future Incidents


In today's digital landscape, mid-sized companies are prime targets for ransomware attacks. This case study examines an anonymous mid-sized company that suffered a ransomware attack due to their outsourced security provider's failure to deploy Multi-Factor Authentication (MFA). This incident underscores the importance of robust cybersecurity measures and careful vetting of third-party security services. 

The Challenge

This company was comfortably running NAV 2017 on premises when it was faced with a severe ransomware attack. The attack crippled its systems during a business day while they were in full use. The ransomware infiltrated its management server, allowing attackers to corrupt critical business data, including SQL databases and file servers.

The initial warnings that something was wrong came when employees couldn’t access critical software, but they soon understood the full extent of the breach once they realized that the attackers had compromised the backups, corrupting vital data. As the team’s lead shared, “Within a matter of probably six hours, everything was gone.”

The company’s reliance on an IT provider who failed to enact essential security measures such as multi-factor authentication compounded the issue. This attack exposed a critical vulnerability: the need for comprehensive data security, frequent air-gapped backups, and robust, cloud-based disaster recovery measures.

The Solution

The immediate priority was to stabilize operations and minimize downtime so the company could continue to operate while its data and processes were restored.
The company’s existing partner rebuilt the infrastructure. Meanwhile, the company’s response team coordinated with ArcherPoint to implement Microsoft Dynamics 365 Business Central SaaS for improved security. ArcherPoint also deployed endpoint monitoring to detect and block suspicious activities in real time.

“This was a collaborative group effort all the way through,” said Matthew Schmider, IT Technical Consultant with ArcherPoint. “The company was losing $200,000 for every day of downtime, so the goal was not just for improved security, but to get things working again as quickly as possible so it could function as a business. We got them running on SaaS and transacting business in seven days.”

To add to the stress, the company was not just deploying Business Central; it was also relying on a major ISV solution that was industry specific.
“Unfortunately, they were left with nothing to go on; it was all gone,” said Schmider. “They had no backups, only what they had printed out – reports, opening balances, and some master records. After we got them up and running on SaaS, we worked with their team to set up their financials and get the reporting and Power BI going.”

Recounting the recovery efforts, the team lead highlighted, “ArcherPoint helped us start up an environment where we could create payables and keep track of our money, who paid us and who we needed to pay, as well as tracking our inventory. By the end of the first week, we knew it was going to work. Collaboration with the ArcherPoint team was instrumental in executing our plan effectively.”

The company’s team meticulously recreated the company’s digital ecosystem, manually re-entering data from hard-copy backups to rebuild the database. The effort was a full-time operation. “One team member handled the financials while I focused on the inventory side,” said the company’s team lead. “We had to reset 270-plus email passwords, recreate domain structures, and input thousands of inventory items.”

Determined to avoid any future vulnerability, they switched to a Microsoft Cloud architecture leveraging SharePoint, Azure, MFA, and BC SaaS.

What's Next

Now on a secure, scalable cloud platform with Business Central SaaS, the company plans to conduct a user-access audit to identify employees’ needs and adjust access levels accordingly. This will further streamline operations and improve cost efficiency.

Additionally, the team will expand cybersecurity training and explore ongoing cyber insurance options to enhance future resilience. The team lead summarized the lesson learned: “In a world where ransomware is rampant, being with a reliable provider behind a robust firewall is the safest approach.”

“There is now security in place that wasn’t there before,” said Schmider. “They're on Business Central SaaS, they have endpoint security with constant monitoring, and the Microsoft Azure infrastructure provides security and backup services. They have better security; they have a better system.”
The company is committed to maintaining these fortified security protocols, equipping the team for any future threats, and continuing to improve operational efficiency by refining Business Central customizations.

“These kinds of attacks are not uncommon,” said Schmider. “Companies don't realize how bad it is until they actually experience it. Why don't you get these benefits now before you’re forced to?”

What Makes ArcherPoint Different?

Our clients see their business systems as unique and important to their competitive position. They prefer software and technology to support their business processes, not the other way around. Our clients are looking for a strategic partnership with the company that implements their software, not just a vendor. They demand the most talented, experienced professionals who understand how to quickly and efficiently solve their business issues. If this describes you, we invite you to contact us to learn more about our people, company and solutions.