Case study · Industry

AFECOR

Critical recovery after Dharma/Crysis ransomware — network, domain and EDR

100% operations recovered
0 ransom paid

AFECOR was hit by Dharma/Crysis ransomware: files encrypted, operations frozen and a ransom note on screen. We came in to recover without paying — restored from viable backups, restructured the network, deployed a domain controller and rolled out ESET Endpoint Security to close the attack vector.

The challenge

An industrial operation frozen by ransomware doesn’t have "a week of margin". We had to decide fast what to restore from backup, what to rebuild from scratch, and how to keep the same vector from getting back in the next day.

What we did

  • Incident triage: inventory of compromised endpoints, identification of the vector and network isolation to stop further spread.
  • Selective restoration from clean backups; rebuild of systems with no viable backup.
  • Network redesign: VLANs, administrative segmentation, domain controller (Active Directory) with centralized policies.
  • ESET Endpoint Security deployed across the fleet, with a central console and rules that block the original vector.

Results

  • Operations recovered without paying ransom.
  • Network redesigned — the same vector no longer gets through.
  • Centralized, auditable endpoint security; future incidents are immediately visible.
Incident response · Active Directory · ESET · Ransomware recovery
