Addtech Saved After a Massive Ransomware Attack


Ransomware attacks against companies are increasingly common, and many aren’t even aware they’re affected. Suddenly being locked out of critical IT systems can be devastating for any organization. When the tech group Addtech fell victim to a ransomware attack, they realized that every second counted. To get the company back on track as soon as possible, they hired Truesec, which was able to restore the group’s IT system and implement new safety measures to prevent future attacks.

The Swedish publicly listed technology trading group Addtech consists of approximately 130 independent subsidiaries that sell various high-tech products and solutions to large companies within industry, infrastructure, and energy worldwide. Every day, a large quantity of purchase orders, supplier processes, inventory transactions, and sales orders are handled within and between the subsidiaries, which are spread throughout 20 different countries. Having flawless IT systems protected from breaches is therefore crucial to keeping the billion-dollar organization’s operations running.

Victims of a Massive Ransomware Attack

When Addtech was the victim of a massive ransomware attack in October 2019, nearly all activity was halted. A total of 80 of the 130 subsidiaries were affected, which meant that almost 1,700 of the 2,900 employees of the group were impacted.

Nobody knew how extensive the attack was, or how the attackers had managed to get access to the system. For a company in this situation, every second is precious. Addtech quickly realized that they had to get external help. After a recommendation, they turned to Truesec.

The Solution – Act Fast and Contact Security Experts

When solving a problem such as this, the reaction time has a crucial effect on the recovery time. When Truesec arrived with their Cybersecurity Incident Response Team (CSIRT), Addtech’s own IT team stood ready to offer additional local knowledge and application-specific expertise. Thanks to the teams working alongside each other under Truesec’s guidance, the initial job went smoothly. Only six hours after Truesec’s arrival at Addtech, a new data center with physical servers had been set up, and the rebuilding of the environment had begun. Simultaneously, there was an effort to save data and information and to secure traces of the attackers.

To eliminate the threat without risk of further attacks, a forensic investigation was initiated.

  • All of the attackers’ activities could be mapped, and backdoors to the locked systems were eliminated.
  • For Addtech, submitting to the attackers’ ransom demands was never under consideration. The crime was reported to the police, and databases and files with encrypted information could be saved anyway.

It was as if we stood there bleeding out from an open wound, and then we saw the ambulance coming around the corner. Truesec’s expertise, experience, and security brought a sense of calm at a time when we were all under extreme pressure.

Jesper Särnholm, Head of IT at Addtech.

During the course of the job, Addtech’s management received regular updates on the measures taken and how the work was progressing, so that it could provide facts and information to the subsidiaries, who in turn worked around the clock to handle their customers’ deliveries despite the attack. External communication is especially important for a listed company, and the updates were also used to provide, for example, media and investors with correct information.

Addtech’s Systems Back in Production Without Paying Ransom

After a couple of weeks of nonstop intense work, parts of the business started to regain functioning systems. After roughly two months, all of Addtech’s systems were back in production. During an incident like this, you truly get to know each other and the IT environment well. Today, Truesec is Addtech’s go-to strategic security partner, making sure the company’s IT structure is well-equipped to withstand future attacks. Truesec also monitors Addtech’s environment all day, year-round, in order to prevent future data breaches.

We had underestimated the threat to us as a company, but thanks to Truesec we are now working more actively with our IT security. Cybersecurity is an ongoing war, and more companies have to start working in whole new ways like we did in order not to be affected.

Jesper Särnholm, Head of IT at Addtech.