AT&T Cybersecurity serves as critical first responder during attack on municipality

Title: AT&T Cybersecurity: A Critical First Responder During a Ransomware Attack on a Municipality

Introduction:
AT&T Cybersecurity’s Managed Threat Detection and Response (MTDR) security operations center (SOC) recently responded to a ransomware attack on a large municipal customer. The attack, carried out by the Royal ransomware group, resulted in disruptions to critical communications and IT systems across several departments. This article highlights the swift and effective response of AT&T analysts during the incident, their support to the customer, and the valuable insights gained from the incident for future protection against ransomware attacks.

Prompt Investigation and Communication:
AT&T analysts acted as crucial first responders, promptly investigating alarms in the USM Anywhere platform and swiftly communicating the attack to the affected customer. Their quick response allowed for immediate containment and remediation efforts. Sharing observed indicators of compromise (IOCs), such as IP addresses and domains, enabled the AT&T Managed Firewall team to promptly block these threats, leveraging the customer’s use of AT&T’s managed firewall services.

After-Hours Support and Detailed Incident Report:
During the height of the attack, AT&T analysts provided extensive after-hours support to the customer. As the customer shared updates on impacted servers and services, the analysts offered guidance on containment and remediation strategies. Within just 24 hours of the initial communications, AT&T analysts compiled a comprehensive report detailing the incident findings. The report not only included recommendations for protecting against future ransomware attacks but also suggested remediation actions in case of legal, compliance, or post-incident forensic review requirements.

Utilizing the Incident Findings for Enhanced Security:
The insights gained from this incident were invaluable for AT&T Cybersecurity’s threat intelligence team, known as AT&T Alien Labs. These findings were incorporated into the security measures and protocols of all AT&T Cybersecurity managed detection and response customers. This proactive approach ensures that the knowledge gained from each incident contributes to strengthening the overall security posture of AT&T’s clientele.

Conclusion:
AT&T Cybersecurity’s role as a critical first responder during the ransomware attack on a municipality underscores their commitment to providing timely and effective incident response services. Their prompt investigation, communication, after-hours support, and detailed incident report showcase their expertise and dedication to mitigating cybersecurity threats. By leveraging the insights gained from this incident, AT&T Cybersecurity continues to enhance the security of their managed detection and response customers, protecting organizations against future ransomware attacks.

Key Points:
1. AT&T Cybersecurity’s MTDR SOC responded to a ransomware attack on a municipal customer.
2. The attack, carried out by the Royal ransomware group, disrupted critical communications and IT systems.
3. AT&T analysts acted as critical first responders, promptly investigating alarms and communicating the attack to the customer.
4. After-hours support and guidance were provided to the customer for containment and remediation efforts.
5. A comprehensive incident report was delivered within 24 hours, including recommendations and remediation actions.
6. Insights gained from the incident were used to enhance security measures for all AT&T Cybersecurity managed detection and response customers.
