KCloud Ransomware Attack Case Study

This case study covers the ransomware attack that targeted a prominent beverage-can manufacturer in the Middle East, and how KCloud helped them mitigate the damage and escape the perils of the attack.

Business Situation:

The Client is a fast-growing holding company with diversified business operations in the FMCG, Oil & Gas and other key industries. They offer an extensive range of products for the local and regional beverage industry. The company has the latest can manufacturing & IT technologies available in the world.

However, ransomware, being as common as it is these days, found a way into the Client’s system as well. After analyzing the incident, KCloud effectively handled the ransomware attack that targeted their organization. In addition, we provided actionable tips for further safeguarding their system and practice.



The Attack:

Ransomware is a particularly insidious type of malware that, once installed on a device, locks the system down.

  • The .bip variant of the Dharma ransomware affected the organization
  • Malicious spam emails brought in this malware
  • The malware scans the system for data files and then encrypts them
  • Each encrypted file is given a .java, .wallet, .arrow, .bip or some other extension
  • In addition, this ransomware also encrypts mapped network drives, shared virtual machine host drives, and unmapped network shares.
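To show how the extensions listed above can be used to scope which drives and shares need isolating, here is an added example (not KCloud's tooling or code from the case study). It assumes the ransomware extension is appended to the original file name, so a lone `.java` source file is not flagged; the sample paths are constructed.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Extensions this page lists for files encrypted by the Dharma variant.
PAGE_EXTENSIONS = {".java", ".wallet", ".arrow", ".bip"}

# Constructed sample paths for illustration; not taken from the incident.
SAMPLE_PATHS = [
    r"C:\Users\ops\Documents\budget.xlsx.bip",
    r"C:\dev\billing\src\Main.java",          # ordinary Java source file
    r"Z:\plans\line3.dwg.arrow",              # mapped network drive
    r"\\fs01\finance\q1-report.docx.bip",     # UNC (unmapped) share
    r"\\fs01\finance\q2-report.docx.java",
    r"\\fs01\finance\readme.txt",
]


def is_suspect(path: str) -> bool:
    """True if a listed extension has been appended to another extension.

    Assumption (not stated on the page): the original name and extension
    are kept, so 'budget.xlsx.bip' is suspect while 'Main.java' is not.
    This is a triage heuristic and can still misfire on names that
    legitimately contain two dots.
    """
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in PAGE_EXTENSIONS


def scope_by_root(paths):
    """Count suspect files per drive letter or UNC share."""
    hits = Counter()
    for p in paths:
        if is_suspect(p):
            # anchor is 'C:\' for local/mapped drives, '\\host\share\' for UNC
            hits[PureWindowsPath(p).anchor or "(relative)"] += 1
    return dict(hits)


if __name__ == "__main__":
    for root, count in sorted(scope_by_root(SAMPLE_PATHS).items()):
        print(f"{root}: {count} suspect file(s)")
```

Feed it a file listing exported from each host or file server; any root with hits is a candidate for the isolation step described under KCloud’s Solution.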

KCloud’s Solution:

  • KCloud, using its proprietary IP, thoroughly analyzed the issue and confirmed that the security breach happened only through malicious emails and not through SSL VPN
  • These emails came from the domains qq.com, aol.com and cock.li. Thus, these mail domains were blocked on their mail server.
  • Isolation of affected systems from the Internet as well as the LAN network
  • Hardened ransomware protection in the firewall
  • Update of patches and anti-virus in the production system

Additional Actions and Protection Methodology:

  • Added features in the firewall to prevent ransomware attacks in the future
  • A thorough study of the Client’s network landscape and firewall
  • Comprehensive security assessment for mischievous domain servers and unused accounts
  • Updated, latest software and Anti-virus applications
  • Finally, the client should have a proper backup and Disaster Recovery in place

Comment ( 1 )
  1. Steve Rogger
    June 10, 2019 at 10:15 am

    Ransomware is some kind of script that is installed in someone’s system which ultimately locks down the system. The KCloud generally targets the IP address for attacking. You may sometimes encounter canon printer offline windows 10 issue which can be easily fixed.
