Updated May. 16, 2017 at 12:22 p.m.

Beating 'ransomware:' How Durham auto parts firm won its battle

Published: 2017-05-16 07:55:00
Updated: 2017-05-16 12:22:08


"If you are not keeping current on the latest IT security measures and software patches, your business is exposed." - AW NC General Manager John Peterson.

DURHAM - "The world moves with our transmissions," says automatic transmission manufacturer AW of North Carolina. But a recent spate of "ransomware" and other network meddling threatened to knock the Durham company out of gear.

How to respond? Better yet, how to pre-empt?

AW turned to AT&T for help when its own enterprise network came under attack. The AW case serves as an example of how companies can defeat such attacks as the "WannaCry" global onslaught over the past several days. (Cybersecurity experts are pointing to circumstantial evidence that North Korea may be behind the global "ransomware" attack: the way the hackers took hostage computers and servers across the world was similar to previous cyberattacks attributed to North Korea, reports The Associated Press.)

One example: make sure your network's security is up to date. The WannaCry attack exploited networks where, in many cases, "patches," or upgrades, had not been applied to protect against a well-publicized vulnerability.

"If you are not keeping current on the latest IT security measures and software patches, your business is exposed," AW NC General Manager John Peterson told WRAL TechWire.

In an exclusive interview, Peterson talks about how his firm fought back - and won.

“It was essential to find a solution to these attacks as quickly as possible,” explained John Peterson, General Manager of Information Technology, AW North Carolina. “A highly secure network is key to our success. Now, it’s no longer a matter of chasing a virus from one network connection to the next to identify compromised computers. Throughout the process, AT&T was a trusted advisor.”

Here's our Q&A:

  • Please explain an example of a ransomware attack - and how you tried to deal with it before finding help

It was a "ransomware" variant that was very new. The existing firewall and anti-virus AWNC had at the time did not catch it. Fortunately the existing firewall did not allow the "ransomware" locking process to enable. It did saturate the network and several key process servers were unable to respond.

AWNC IT isolated the computers that were the initial entry point. AWNC IT had been working with ATT. We contacted them, sent the hard drives that were isolated with the "ransomware" that were the entry point for the ATT forensics lab to assist identifying the "ransomware" and the method to eradicate it. ATT was able to respond in a very short period of time and AWNC IT was able to remove the "ransomware" from our facility systems.

Over the next several weeks AWNC IT implemented the ATT Network Based Firewall, Web content filter and E-mail Gateway filter. A few weeks later, AWNC IT implemented the ATT mobile security product to extend these services out to the mobile device population for AWNC.

  • Why do you think you were targeted?

AWNC believes because of the origin this was a targeted attack but this would be difficult to prove.

  • Did you pay a ransom? Why or why not?


Fortunately we did not have to pay ransom because the existing firewall did not allow the "ransomware" to go back through the locking procedure.

The quick response by the AWNC IT team isolated the attacks to the computers that were the initial entry point to the network and these were removed from the network.

ATT responded very quickly and the "locked data" status was not achieved. AWNC IT then removed the "ransomware" from the facility systems. Also, we utilized daily backups to restore any data that was compromised.

  • Why reach out to AT&T? Did you talk with others? Why pick AT&T?

AWNC IT had been working with several firms on a new security system due to exactly the type of attack that happened. We were a significant way along in this evaluation process. When the attack hit, we called the firm we thought could produce results the fastest. In hindsight, AWNC picked the right firm in ATT.

  • What lessons can other businesses learn from your experiences?

If you are not keeping current on the latest IT security measures and software patches, your business is exposed.

If you have a new IT security system and you are not continually keeping it up to date and looking for new products and processes to assist in protecting your business, the threat will occur again.

It is just timing before the situation will strike. Auditing firewall policies and login/logout times for each computer and active directory account has also been crucial in identifying threat vectors and malicious behavior from inside and outside the organization.

Establish an up to date security posture for the business systems and ensure it is kept current continuously.


Copyright 2017 WRAL TechWire. All rights reserved.
The Skinny

WRAL TechWire Publisher and Editor Rick Smith dishes out tidbits from the local technology sector.
