On January 22nd, at 4 pm, a call came into the Network Operations Center (NOC) of Shield Watch from one of its IT Managed Services clients, Rocky Creek Village, a renowned retirement community in Tampa. Garrett Mackey, one of the many Remote Engineers at Shield Watch, answered the call. Mike, on the other end, said, “Garrett, I can’t access one of our files from the server, it seems like it is corrupted.” Following routine procedure, Garrett immediately jumped online and within seconds was connected to the user’s terminal using Shield Watch’s state-of-the-art remote monitoring tool, Kaseya. Shield Watch runs the Kaseya monitoring agent on all client terminals for all its Managed Services clients, which lets it monitor every workstation and remotely run fixes and patches on them.
Right around the same time, another Shield Watch remote engineer, John Bibbs, contacted Garrett to notify him of some unusual activity on the Rocky Creek server that had been captured by Shield Watch’s remote monitoring tool. Garrett, the lead remote engineer now in charge of the ticket, started working through the Standard Operating Procedure for such issues. He grew increasingly uncomfortable with what he was slowly uncovering. Yes, it was the worst IT nightmare that any company can face: they had been hit by the deadly virus Cryptolocker. Within the first five minutes of his troubleshooting, Garrett had a hunch that it was Cryptolocker. Cryptolocker is the worst type of Trojan: it encrypts all files on the terminal, spreads through the network and even encrypts backup drives. For more information, visit our blog. In Rocky Creek’s case, that could mean a total ransom to the tune of $75,000 to $150,000.
Within a few minutes, Shield Watch’s Network Operations Center (NOC) turned into a War Room. The company executives lined up, and Tom Perricone, Shield Watch’s President, gave the order to initiate a Code Red. Shield Watch’s Code Red procedure is generally initiated when the company believes that a client’s entire network needs to be immediately quarantined from the outside world and every single workstation (desktop and laptop) needs to be taken off the network because it poses the highest threat to business continuity.
Tom Perricone, Shield Watch’s President, made the call to Rocky Creek’s CEO/CFO, Tom Wingo, with the unfortunate news. Tom said, “Mr. Wingo, it’s DEFCON 1; your entire network is currently under a virus attack from a Trojan called Cryptolocker and this can bring the entire company down in a matter of hours!” In a matter-of-fact way, Tom said, “I do not have much time to explain this but we need to quarantine your entire network and take you completely offline right now. I need you to trust me on this, Mr. Wingo.” Rocky Creek has been with Shield Watch on its IT Managed Services plan for the last 7 years, so for Mr. Wingo, trust in Shield Watch was not an issue. He said, “Yes…do what you need to do.”
The remote team started working on the system remotely while an onsite team of three engineers was immediately dispatched. Utilizing Shield Watch’s sophisticated remote monitoring tool, Kaseya, the team was able to deactivate the server’s network connection remotely and to take each and every workstation off the network. This immediately cut off the spread of the virus attack.
The onsite engineering team examined each and every one of the 48 workstations, identified the source of the attack and quarantined that machine. Shield Watch’s IT Managed Services Program is set up to keep system state backups and not just backups of the data. This backup was restored to the server, all the files were restored, and the entire IT infrastructure was back up and running 1 hour and 45 minutes after the start of the attack.
By all standards, this was a remarkable feat that saved the client hundreds of thousands of dollars in ransom fees and avoided huge business continuity costs. No sensitive (HIPAA-related) data was breached, thanks to additional security parameters put in place by Shield Watch.
“In today’s world, IT protection has no silver bullet. IT Protection is a sum total of better hardware, better software, stringent protocols and skilled IT Support staff that make up the entire defense mechanism. And in this case, we were so fortunate to have had Shield Watch as our IT partner and when the time came, they delivered the results. They were truly obsessive in their IT support, as their mantra suggests,” said Tom Wingo, CEO/CFO of Rocky Creek. He also went on to say, “This incident goes on to demonstrate the level of maturity of the people, processes and systems of Shield Watch that they were able to get us back up and running in such a short timeframe from a virus attack that could otherwise have been catastrophic for our organization.”
Commenting on this situation, Shield Watch’s CEO, Pratik Roychoudhury, said, “Our rigorous processes, state-of-the-art systems like Kaseya and highly skilled engineers allowed us to respond to the crisis in a battle-ready way and throughout the crisis, the entire Shield Watch team was singularly focused on getting the client back up and running quickly.”
About SHIELD WATCH:
SHIELD WATCH is a 17-year-old IT Managed Services Provider serving the Information Technology & Web Marketing needs of Small & Medium Businesses in the greater Tampa Bay area. While SHIELD WATCH has earned several accolades recognizing its outstanding Customer Service in the past few years, the company is most proud of its 91% client retention rate and its 95% Customer Satisfaction Rating over the last seventeen years. Talk to SHIELD WATCH today if you want to Worry Free your IT or are looking to expand your brand, build a website and increase website traffic. Call 813-926-9672 or visit http://www.shieldwatch.com to request a FREE assessment of your IT environment.