So imagine this. You've got a holiday planned, weekend away, you know, your wife's looking forward to it. Your friends looking forward to it. Everyone's been cooped up because of COVID. Finally some downtime, and then you get that dreaded phone call at four o'clock in the morning and you realize all your plans are about to change. Jump in the car and actually drive to the office. So, you know, I think I had a pair of board shorts on, you know, a t-shirt and a pair of flip-flops. So not exactly business corporate attire, but I bring up the system and the system doesn't come up. All right. So, you know, as soon as you hit that console, all right, where you're getting the raw picture of what that machine's doing, and you see this bootloader that says, you know, you've been hacked, sort of thing. Boom, it's like a Scud missile going off. You realize that, okay, this isn't just an unplanned outage. This is a targeted, targeted attack. You're on the pointy end of the kebab knife.
I don't know if I was lucky or not, but, uh, I was sleeping through the initial part of the attack, and I'm a deep sleeper. So I didn't find out until I got into the office. So I was, that morning, I was looking forward to heading off a bit early, going camping with the family for the weekend after all of that lockdown. I get into the office and I see Matt there and I think, he's not supposed to be here. He's supposed to be away as well. Sure enough, he says we've been hacked, and I didn't really know what to think at that point. So I'd never really been through a ransomware event or anything like that. I would go walk over to his desk.
He's got Radar open there and, sure enough, there's a big compromise there. Radar's an AI-driven, basically, anomaly detection software hosted by Rubrik, in which the metadata of activity with your files and such gets sent to Rubrik, assessed based on AI that's been trained throughout the world, and then alerting you to any anomalies. And that's particularly useful for ransomware attacks, in which you have tens of thousands, even hundreds of thousands of files in the span of minutes being encrypted, or deleted in some cases like we experienced, and really helps you assess the scope of the threat and where you need to start targeting your recoveries.
If there was one, you know, shining light at this point in time, it was, it was a Friday. So because we're a manufacturing organization primarily, it's a half day. So we weren't going to lose a full day of production, but we were going to lose a full day in terms of other areas of business. And I, at this stage, you know, I would be known to look down for like 45 minutes and I could ascertain that this wasn't going to be a quick fix like previous ones, because previous attacks, um, were pretty one-dimensional. So, you know, uh, and they automated, there wasn't a human being or a set of human beings at the other end of the barrel pulling strings. Um, and this time there were. We're profiled. Um, and, uh, what do I mean by that? Well, uh, they looked at our business and they took their time. They didn't attack us directly, right? They found a trusted source, um, that we trusted implicitly. You know, it was an email. It looked legit. Um, and really it was legit, because it came from the right email address, the right account, in the right format. Um, it just had one slight detail: the, uh, the link that they usually use to send us purchase orders didn't go to them. It went somewhere else. Two weeks later, you know, they have, uh, you know, they've logged into the system, they've looked for elevated rights via vulnerability.
So they've been very good at catching us out on a patch cycle. So like most organizations, you know, we do patch cycles monthly. Um, they found a vulnerability that got them elevated rights to the network. Then they could push that information back to themselves in the Netherlands. And then they teared the attack and they kicked it off at 2 a.m., when they knew no one was going to be around. They're smart, right?
So these things come in waves. So the attack, um, I would say had the first wave, which is the one on Friday morning that, you know, I walked into at work. Um, and we cleaned it up. Well, we thought we cleaned it up, because then came the second wave at an o'clock at night, just as we're about to pack up for the day. We're pretty exhausted. We've just pulled a lot of man hours, and suddenly everything starts going down again. The next day we're pretty much flat out just trying to recover, and again we get to a point where we think we've, we think we've killed it. Then that night Matt and I, just, just a little curious, we thought we might just try and log in remotely. And, uh, sure enough, we can't get in, and, uh, pretty scary moment. So Matt goes into the office and, sure enough, compromised again.
I take it quite personally. You know, you get these six degrees of emotions almost, right? So there's, there's anger, there's all, there's regret, because you feel like maybe you've had a failing in yourself and you haven't led your team correctly. But they go to the wayside pretty quick, because it's really, you come to the realization that you've just got to get on with it. And you almost get this rah-rah feeling of, we've got this. You think you've been successful in attacking us, um, but here comes the counter punch. All right, and, uh, with Rubrik we understand that we've got a very good right hook, and we're going to come back and come back hard, and at the end of the day this is just going to be an inconvenience.
It's just a matter of how big an inconvenience it's going to be. I had my guys, it was like, I don't know, 1 a.m. in the morning. We're at the whiteboard. We've planned it out, we've got all the moving components in place, and we've got Rubrik ticking away recovering all our stuff. And, you know, I just had this, you know, blinding flash of the obvious. You know, this war's won. It's not, you know, the battles are over. We've been fighting battles all day, but we're at this point now where I can happily declare the war is won, right? There might be a couple of more cleanups that we've got to do, but I knew that people's jobs were safe.
I'll be honest, there's a lot of pressure on me as a CIO when we've got no production happening in a factory that employs, you know, hundreds and hundreds of people, and I've got to send those people home. I take a personal hit on that. You know, I feel quite personally obligated to those people on forklifts and, you know, nail guns and running out our automated saws and stuff, that, you know, their livelihoods are in my hand. So I put a lot of personal pressure on myself, but the business puts a lot of pressure on me. Our customers put a lot of pressure on me, even though they don't even know that they're exerting it, to get us back into the throw of things. You know, there was one organization that, it took them six months to recover, and they didn't do any local manufacturing for a month. You know, and my managing director pulled me aside over a beer and he said, wow, I don't even want to know what the world looks like, I don't even want to think about what the world would look like if we didn't do manufacturing for, for a month. You know, that would be a, you know, a serious detriment to our business and one that we might not be able to recover from. You know, so it's not just a Rubrik.
It's not just about recovering from ransomware. Rubrik is a difference between survival and non-survival in this new digital age.
Well, even as a medium-sized organization we get attacked all the time, but in order to actually keep the 99.99 percent of attacks out of the way, we really need to ensure that we're always strengthening our security in line with our policies. And so technology is always changing, but people are always changing as well. And so our threat landscape is always evolving. I think it's just an evolving sort of, uh, mission of white hats versus black hats and, and how we overcome each other.
You know, I would say that, uh, human people are still your number one defense. But when they fail, you've got to have things like Rubrik there to save the day. They've only got to get it right, you know, for a minute in a day. We've got to get it right 24/7, 365, right? If one of our staff, and, you know, there's thousands of them, if only one of those people makes a mistake and gets it wrong, we've got a problem.
Rubrik is a company being amazing, right, the support that we get from Rubrik. And during the attack that a dale's reaching out to me, who's our, you know, our engineer at Rubrik on a local scale, and he said, hey, is there anything I can do to help, you know, and I'm responding to him on WhatsApp saying, no, no, Aaron's in love with this thing. Um, he's got it. He's cool, you know, but there's this constant communication. I think that's, um, a big part of confidence in a product, is having confidence in the people. So, you know, I've got confidence in Rubrik as the technology, um, and the digital stuff it does, but I've also got confidence that I've got a support network from Rubrik. They've got my back and they've got my team's back. So, you know, Aaron went from, I've heard about this Rubrik thing, we've had it in the company forever.
It was here before I got here. I've done my apprenticeship time here, but I've not really been exposed to it, and then this happens, and because it's so intuitive and so easy to use and so fast, he could just latch onto it and run with it, you know. And then he puts in a couple of support calls because he had some questions about the APIs and how do we recover this stuff easily on a bulk level. So I don't want to just recover one or two files here, I want to recover, you know, hundreds of thousands of them. How can I do this programmably, so that, you know, I'm not clicking buttons in the interface all the time? And, you know, support worked with him to make sure all these things happened, you know, and he, he's going, man, I love these guys.
This was the first large-scale event which I'd used Rubrik, and yet I was all over it. Really is particularly intuitive, and wherever I had any knowledge gaps I just hop on with Rubrik support and straight away they have six guys on a call with me in the a.m., so any time zone, and just like that we're recovering entire servers, entire file sets, that I'd never even knew Rubrik was capable of.
You know, one of the key elements of any ransomware attack is pressure. All right, and how quickly and overwhelmingly they can apply it. They saw us clean up. They knew we used Rubrik, right? They sent us an email that said, hey, we've been monitoring you. We see you recovered really well. Um, you use Rubrik. That's really smart, but we've got your data. We're going to sell it. So still pay us, all right? Um, and that creates worry, because they don't just send that to the IT guys. They send that to everybody in the company they can find an email address for, right? So you get all these phone calls and, and, uh, worried people. But then you start to go, well, hang on, do they really have our data? Because I find that a bit hard to believe, because that would be an awful lot of data, right? They're saying they've got, you know, financial information.
They're saying they've got P&Ls, you know, customer database, all this sort of stuff. And you go, well, hang on. I know what data I've got, I know where it is, and I know they can't get to it, because we use tools like Sonar that have data governance, that tells us where things live and how they live. So then you go to the firewall records and go, well, actually, give me a report of all data that went out of my network. And you find out, oh crap, they've got 13 gig of data. But then you realize, well, actually it was just ping traffic. Um, it wasn't actually data at all. So they don't actually have anything.
They're realizing they're not going to beat us on the technical side. We've got Rubrik. We've got these recovery tools that can help us recover no matter how much they try to kick us down. We managed to get reports from our ISP and we know they haven't got our files. They're bluffing. Um, so when they send through that email to us, yes, it's initially scary, but it's also an indicator that they're desperate. They know they can't crack us. And so one last Hail Mary: start deleting files instead of encrypting them and try to make the executives a little worried. But we're good.
I think in terms of a singular event that, that clinched it, was being able to recover all the machines for, through Rubrik. All right, that, that was the, the saving grace, right? That was the hallelujah moment where we knew that we were going to be fine, because they just couldn't get to it. It was immutable. They're locked out of it.
Um, you know, it was, you know, you know, a universe too far for them. Um, you know, the access that they had managed to achieve through using exploits and stuff wouldn't work on Rubrik. It's one of the reasons we, we purchased in the first place, is there was a totally standalone, you know, walled garden approach, if you will, that was easy to get back from. It was fast.
So, and that, that in itself was very, very significant, and the key, the key point that underpinned the recovery is having it. Without it there, um, I don't want to think about it.