In the summer of 2017 Spalding County, GA was infiltrated by ransomware. The following case study illustrates how having a security team and protection in place resulted in the best possible outcome for the county. Liberty Technology engineers were able to find the entry point, remediate, and get users back up and running with minimal downtime.
After a report that two Spalding County users couldn't access their files, a quick triage showed that these files had been encrypted. The team's first response was to shut down the affected computers and disconnect all access to the servers. A search of every server for locally encrypted files tracked the issue back to a remote desktop server that had been opened up to the outside world so a vendor could work on it. Looking into the security logs on that server, the team found a brute-force attempt cycling through generic account names. The attacker eventually logged in with the account “Intern” and started encrypting files. Since no important new data had been created, the server was restored from a backup that predated the login attempt. Remote access from the internet was also disabled, closing the entry point to any further brute-force attempts.
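As an added illustration (not part of the Liberty Technology write-up), the following Python script shows the kind of check the team's log review performed: it scans constructed Windows Security log entries (event ID 4625 = failed logon, 4624 = successful logon; the timestamps, account names and IP addresses are made up) for a burst of failed logons against several different account names from one source, then reports whether a logon from that source succeeded shortly afterwards.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Security log events from an internet-exposed Remote
# Desktop server. Fields: timestamp, event ID, account name, source IP.
# Event IDs are the real Windows ones: 4625 = failed logon, 4624 = success.
SAMPLE_EVENTS = [
    ("2017-07-14 02:10:01", 4625, "admin",         "203.0.113.45"),
    ("2017-07-14 02:10:03", 4625, "administrator", "203.0.113.45"),
    ("2017-07-14 02:10:05", 4625, "test",          "203.0.113.45"),
    ("2017-07-14 02:10:07", 4625, "guest",         "203.0.113.45"),
    ("2017-07-14 02:10:09", 4625, "scanner",       "203.0.113.45"),
    ("2017-07-14 02:10:11", 4625, "Intern",        "203.0.113.45"),
    ("2017-07-14 02:10:13", 4624, "Intern",        "203.0.113.45"),
    ("2017-07-14 08:15:00", 4624, "jsmith",        "10.0.5.21"),  # normal logon
]


def find_brute_force(events, window=timedelta(minutes=10), min_failures=5):
    """Return {source_ip: (accounts_tried, account_that_succeeded_or_None)}
    for every source that produced >= min_failures failed logons against at
    least two distinct accounts inside `window`. A 4624 from the same source
    within `window` after the burst is reported as the account that got in."""
    by_ip = defaultdict(list)
    for ts, event_id, account, ip in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_ip[ip].append((when, event_id, account.lower()))

    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        failures = [(t, a) for t, e, a in rows if e == 4625]
        trigger = None
        start = 0
        for end in range(len(failures)):
            # Slide the left edge so every failure in the burst fits in `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            burst = failures[start:end + 1]
            if len(burst) >= min_failures and len({a for _, a in burst}) >= 2:
                trigger = burst[-1][0]
                break
        if trigger is None:
            continue
        tried = sorted({a for _, a in failures})
        success = next((a for t, e, a in rows
                        if e == 4624 and trigger <= t <= trigger + window), None)
        findings[ip] = (tried, success)
    return findings


if __name__ == "__main__":
    for ip, (tried, success) in find_brute_force(SAMPLE_EVENTS).items():
        print(f"{ip}: tried {tried}; logged in as {success!r}")
```

On the sample above the only flagged source is the external address, and the report shows that the guessing run ended with a successful logon as "intern", which is exactly the lead a restore-from-backup decision needs.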