Customer success story: AFNOR
When a sudden ransomware attack hit AFNOR Group, it called in Airbus Protect to help diagnose and resolve the incident. After just eight days, our expert team brought AFNOR’s information systems fully back online.
The challenge
In February 2021, AFNOR Group fell victim to the cyber threat every organisation fears – ransomware. Airbus Protect later learned the infection originated from a phishing email sent three days prior. As a result, some of AFNOR’s files were encrypted, and most servers became inaccessible.
When you face this kind of crisis for the first time, you’re momentarily stunned. It was a real advantage to be able to count on a reliable partner like Airbus Protect and have expert responders on our side to help us manage the crisis.
The solution
Investigation
During any ransomware attack, finding out what happened before restoring systems is crucial. This is the only way to ensure that the malware doesn’t spread further.
AFNOR Group called in Airbus Protect’s CSIRT (computer security incident response team) to help study the traces of the attack and identify the origin of the problem. In only three days, our CSIRT experts reconstructed the entire chain of contamination.
Eradication
The next step was eradicating the problem while maintaining the digital chain of evidence. Thanks to our CSIRT’s thorough investigation, it only took eight days for AFNOR Group to get up and running again.
Reconstruction
Just because AFNOR was back online doesn’t mean Airbus Protect’s work was over. Overall, rebuilding and deploying AFNOR’s entire information system took a total of three months.
During this time, our SOC experts set up ‘contingency supervision’ – a rapidly deployable SOC that allowed us to act quickly.
Hardening
A CSIRT’s role isn’t just to control chaos but to prevent it from reoccurring. To be sure hackers couldn’t reactivate the same backdoors, our experts helped AFNOR Group make significant security improvements and rebuild the company’s entire IT infrastructure.
Long-term collaboration
After its ransomware recovery was complete, AFNOR Group decided to continue working with Airbus Protect as a SOC provider. It gradually moved to a standard Airbus Protect SOC solution, which offered expanded monitoring coverage and a new detection approach.
Airbus Protect also spearheaded a ransomware employee awareness programme, with ‘phishing’ campaigns and password hacking tests. As a result, AFNOR Group employees created stronger passwords and learned how to spot suspicious emails and attachments.
Learn more about the cybersecurity offerings
Discover more about the services mentioned in this case study
SOC
We protect clients from both known and unknown cyber threats. Our comprehensive SOC services are delivered 24/7 from secure premises in the UK, France, Germany and Spain.
CSIRT
Are you facing a cyber incident? Our CSIRT will help you recover quickly and minimise damage. We also help prevent future incidents by identifying IT vulnerabilities, recommending remedial measures and advising on regulatory compliance.