InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
We are already at the last part of our advent story. After a nerve-racking week with many successes, but also plenty of setbacks, we are now in the final phase. All's well that ends well? You’ll find out today.
9:30 a.m.: Fürst is feeling very confident – the plan seems to be working. Everyone is still working flat out and things are moving forward. The InfoGuard security solutions do not seem to be detecting any anomalies either. Mr Grunder, the IT manager, can finally catch his breath.
On the other hand, Fürst is losing heart again, because now it is the customers who are causing problems. Many of them already found out about the attack due to admin making contact with them, and in fact, they were also informed that the online shop was working normally again and that orders could now be accepted and processed as usual. So why are there so few orders coming in? In the end, it turns out that many people had not wanted to unnecessarily overload E-Trade AG with orders, as they already had enough on their plate with the hacker attack. Fürst is furious again because the last thing he needs right now is a lack of orders and consequently cash flow problems. His admin staff contacts the customers again and the message that everything is working normally again is highlighted in bold on the emergency homepage.
4:30 p.m.: What a week! All participants are shattered in a way they haven't felt in a long time. Over the last two days, they have worked tirelessly to rebuild the system, but when there's a crisis there is no end to the working day, and on weekends either. Despite all the discipline, however, many are happy that the InfoGuard CSIRT and the internal IT team will continue to staff their teams over the weekend to make sure that everything is back under control. Of course, Fürst and Grunder remain on site. With Ryuk you never know, and there is no question of taking it easy.
8:20 a.m.: The staff has worked through the weekend and now almost all of the systems are up and running again – a new milestone! However, it will still take a while before employees can access all the tools...
...to this day. But this time Gunder plays it safe before the official go-live. Metre-high firewalls are protecting the E-Trade AG network systems and all IT staff are closely observing what is going on in the background.
1:30 p.m.: Everyone can finally get back to work. But there is a change in productivity: every e-mail is read through three times and analysed in detail. And of course, no links are clicked on, for sure. Fürst can’t even say that these concerns are groundless because he has been treating e-mails like hot potatoes ever since. Fürst has decided that as soon as the nightmare is over, it's definitely time for a security awareness campaign.
The days have flown by in no time at all. The Ryuk "project" was successfully brought to an end without paying a single bitcoin. Grunder and his whole team are more than happy to finally be able to sleep well again (more or less). The InfoGuard CSIRT has also decamped in the meantime, but of course, it continues to monitor the systems from the InfoGuard Cyber Defence Center.
3:10 p.m.: Fürst has been in his office for a long time – on his own, and for a while now, without being constantly distracted by push messages. Although he is looking forward to finally clearing his head again over the next two days, he looks back over the incident and puts his thoughts down on paper. Not just for him, but also for people like you, our readers, so that the same thing doesn't happen to you. Here are his most important takeaways from the incident:
Grunder is glad to have had points one to three in place. As for point four... yes, there is still room for improvement, he must admit, but that has to wait. He really deserves to have the weekend off, and on Monday he wants to celebrate with his fantastic employees – not only because it's Christmas, but because Ryuk could not have been beaten without their support!
Of course, our cyber security experts will be giving you more tips on how to optimise your cyber security in the new year. We can promise you that Ryuk – or one of his associates – will be back. Start the new year with a targeted security review, security audits and penetration tests to verify your security processes, the IT infrastructure and your employees. Thanks to our broad spectrum of services, we can find exactly what you need. From cyber security audits & compliance assessments, simulated cyber attacks (Cyber Attack Simulation) and penetration tests to social engineering and phishing audits, application audits and more. Discover our services and contact us now!
We hope you have enjoyed our little advent story about Ryuk – not quite a classic, but it does have a happy ending. Maybe you're wondering why we are telling you a story like this at all. Once again in 2019, a sad new record was set. Never before have there been so many successful cyber attacks. While the number of unreported cyber attacks is unknown, it is certainly much higher than what has been reported. This is the reason why our specialists are working day in day out to make Switzerland safer, create awareness and protect as many companies from cyber attacks as possible. Via our advent story about Ryuk, we wanted to open your eyes and warn you that an attack can strike your company at any time – and sometimes there's no happy ending.