This case study describes how a global manufacturer with 20 offices and many newly acquired, poorly unified divisions was hit by a fast-moving ransomware attack as most staff shifted to remote work. Critical Start Incident Response was engaged late on a Friday; within about an hour they identified the ransomware, its scripts, and indicators of compromise, isolated and blacklisted infected machines, and restored operations so shipping resumed by Monday. Over the next three months they continued containment and forensics, helped rebuild Active Directory, analyzed logs and VPN/email, and recommended long-term improvements such as MFA, Microsoft 365 Defender, phishing training, better log retention, and privileged account management, while the IT director emphasized the value of unified securi

Join for free to read