Banijay Benelux refused to pay the attackers’ ransom, and Backbier’s team members found that every server they tried to access was immediately encrypted. Within hours, Trend Micro was working to mitigate the damage.
Trend Micro started by examining traffic logs and installing hardware to secure the company’s network. It also installed monitoring software to track activity across Banijay Benelux’s AWS environment, which included over 20 servers. “They instantly had the right tools to protect and to monitor specific areas,” says Backbier. “To do that without affecting performance or creating downtime was really impressive.”
Next, Trend Micro began working to rebuild the handful of servers that had been damaged by the ransomware. The first step was to use a script that automatically installed Trend Cloud One—a cloud security platform created specifically for those building on AWS—the moment the team spun up a new instance of Amazon Elastic Compute Cloud (Amazon EC2) to replace a damaged server. This allowed Banijay Benelux to restore essential business systems within a few days of the attack. “In 3–4 days, we had the most vital systems running so we were able to access our bookkeeping,” says Backbier. “We could pay salaries again.”
Trend Micro also searched the dark web for efforts to sell data stolen from the company. Fortunately, Banijay Benelux was able to secure its systems before losing any sensitive personal or confidential data that might have led to fines for violating the European Union’s General Data Protection Regulation (GDPR).
Despite having to work remotely because of the COVID-19 pandemic, the Trend Micro team met with Banijay Benelux three times a day to keep the company up to date on monitoring and recovery efforts. The security company also conducted an ongoing search for suspicious traffic to ensure that the hackers were no longer lurking.
Getting everything back to normal again took about 3 months. “We have production companies that organize a lot on Excel sheets and paper and that wasn’t affected that much,” Backbier says. “We lost the system where we do workflow for the invoices, so we had to do that by hand just to be able to pay creditors.”
Banijay Benelux had been in the process of implementing a new invoicing system at the time, so it accelerated that project rather than trying to rebuild the old system. As the weeks passed, the company gradually grew more confident that the hackers no longer had access to its infrastructure. “I felt completely confident after Christmas time—that gave me the feeling that we were in a good place,” Backbier recalls. Today, he adds, “I’m feeling quite confident. I’m sleeping well every night again, because Trend Micro is watching over us. I can have an 8-hour sleep again.”
By this point, Banijay Benelux had begun talking with Trend Micro about providing ongoing managed security services for its cloud infrastructure. “My IT team is rather small,” says Backbier. “You can’t have all the expertise compared to a company like Trend Micro. That’s its core business.”