2020 Annual Report

3 min read

Rebuilding after a lockdown cyber attack

Story synopsis

  • When a UK-based engineering firm was hit by a ransomware attack at the start of the UK’s lockdown, its entire system was disabled. Over a three-week period a 40-strong Deloitte team rebuilt the system remotely, firmly closing the door to future would-be hackers.

As UK lockdown measures came into effect in response to the global outbreak of COVID-19, the challenges posed to every business came into sharp focus.

Overnight, workforces switched to remote working practices and entire supply chains, from grocery to car production, adapted to meet changing demands.

For one UK-based engineering firm, another undetectable threat was also looming. On the first Friday of lockdown, its systems were targeted by a ransomware attack.

The firm turned to our cyber team for help.

Total outage

The ransomware attack that was launched disabled the client’s entire system, taking the team offline across all of its sites, including its UK headquarters, and locations in the rest of Europe and Asia.

Within hours, Deloitte deployed a team of 40 to start a system rebuild. Over the course of three weeks, the firm was back to an operational state.

During that initial project time, in addition to a complete systems outage, Deloitte’s cyber experts had to contend with the challenges posed by the outbreak of COVID-19.

With lockdown measurements already in place at the time of the attack, and government guidelines on social distancing prompting a shift to working from home, the team had to conduct the project almost entirely remotely.

What would usually be done in situ – from client interactions to the writing of code – was done, in many cases, hundreds of miles away from the attack epicentre.

Recovery and future-proofing

Deloitte helped clean up the targeted system to ensure operations could rapidly get back up and running. An initial cyber investigation was conducted to establish the “who, what, when, where, and why” of the attack and, crucially, identify which part of the compromised system was open and vulnerable.

By prioritising pressures in its supply chain and working with the Executive and IT team, we were able to recover existing business systems to reduce the likelihood of reoccurrence, whilst assessing the robustness of security controls to help structure the company’s future IT strategy.

Closing the door to hackers

With so many UK workers operating from home, just having secure ways of emailing was imperative.

The result of Deloitte’s work meant the business, once operational, could carry on with its work but with greatly improved security controls in place.

The system rebuild has ensured that any open back door is now firmly closed to would-be hackers – and they’ll have far more difficulty unpicking the locks in future.

Share this insight

Currently reading

Rebuilding after a lockdown cyber attack

Read more Impact stories

Related themes