Earlier this yr, analysts within the AT&T Cybersecurity Managed Menace Detection and Response (MTDR) safety operations heart (SOC) had been alerted to a possible ransomware assault on a big municipal buyer. The assault, which was subsequently discovered to have been carried out by members of the Royal ransomware group, affected a number of departments and briefly disrupted important communications and IT methods.

Throughout the incident, AT&T analysts served as important first responders, promptly investigating alarms within the USM Anyplace platform and shortly speaking the difficulty to the client. Additionally they supplied in depth after-hours help on the peak of the assault—because the buyer shared updates on impacted servers and providers, the analysts gave steering on containment and remediation. They shared all noticed indicators of compromise (IOCs) with the client, a few of which included IP addresses and domains that might be blocked shortly by the AT&T Managed Firewall crew as a result of the client was additionally utilizing AT&T’s managed firewall providers.

Simply 24 hours after preliminary communications, analysts had compiled and delivered to the client an in depth report on the incident findings. The report included suggestions on methods to assist defend in opposition to future ransomware assaults in addition to urged remediation actions the client ought to take within the occasion that authorized, compliance, or deeper post-incident forensic evaluation is required.

Learn our case research to study extra about how our analysts helped the client speed up their time to reply and include the harm from the assault, and find out how the AT&T Alien Labs risk intelligence crew has used the findings from this incident to assist safe all AT&T Cybersecurity managed detection and response clients!