Client Background:

For over 75 years, our client has been a leading manufacturer of shelf-stable, dairy-based food and beverage products. Today, the company continues to grow as a top-tier source partner for food and beverage products, servicing large, fortune-500 companies nationwide.



In the food industry, one of the most valuable resources that sets manufacturers apart is their tasty, high-quality, proprietary recipes. Top brands partner with food and beverage providers that include well-known Fortune 500 brands. These best-tasting products rely heavily on efficient delivery to serve their markets. What happens if these product lines come to an abrupt halt, or even worse, their patented recipes become public knowledge?


Unfortunately, one food processing company, serving brands we all recognize and use daily, was forced to confront this question when a hacker breached all production systems, effectively shutting down the entire company and putting its most valuable data – its clients’ proprietary recipes—at risk.


In an instant, a $200-million-dollar food company went from selling highly sought-after food products, to losing over $1 million a day due to a single ransomware incident. It left all servers and endpoints exposed and at risk of losing key ingredients and data. In an attempt to prevent further data loss, the company was forced to immediately shut down all production and operations, including infected servers, all networks, headquarters, and all facilities. The magnitude of this breach required a specialized partner to remedy.


RKON to the Rescue:

The RKON incident response team wasted no time once brought in to search for the attack source and narrow down the possible vectors. Based on our in-depth analysis, we discovered the root cause of the ransomware attack was multifaceted, starting with an unsafe number of people using administrator accounts, misaligned leadership roles, incomplete backups, lack of documentation and patching schedules, and a nonexistent Disaster Recovery plan. If proper, consistent vulnerability scans were in place, then the IT department would have quickly found the exposure and proactively protected the company from data loss. However, without consistent testing and a robust Disaster Recovery plan, the company was left at extreme risk for a breach.


While working with the data center provider, RKON immediately disabled all accounts, took over operational control, and thoroughly assessed the damage. To prevent further damage or risk, our incident response team worked 24/7, both onsite and offsite, in getting our client secure and back to production. Our process included:


  1. Isolating all infected Servers, Computers and devices;

  2. Disabling and isolating Networks/WiFi;

  3. Disabling all accounts

  4. Building an isolated, virtual environment to recover data from backups;

  5. Reviewing all existing backups, timelines, and recovering to a network isolated virtual environment for analysis;

  6. Analyzing existing infections, the type of virus, and the timeframe of the breach;

  7. Implementing additional antivirus and endpoint detection and response (EDR) tools;

  8. Introducing vulnerability scanning and network/security tools to understand the network;

  9. Implementing continuous scanning network for other potential issues;

  10.  Restoring physical and virtual servers;

  11.  Rebuilding Active Directory Domain Controllers and recovering servers from backups;

  12.  Changing all account and network passwords before bringing the environment back into production; and

  13.  Assisting with reinstalling proper backups and rebuilding their data center.



How Are They Better Today?

RKON worked tirelessly to get the company back online, including collaborating with C-suite executives to explain the breach, teaming with the IT department to remediate, and recommending security solutions to get the business live again and protect it from another detrimental breach in the future.


Our quick and effective recovery process saved more than just the company’s critical systems; it saved the company’s brand reputation as a trusted, reliable, and secure partner. Furthermore, RKON has enabled a plan to implement a Security Operations Center (SOC), Office365 migration, conduct holistic architecture reviews, and deploy ongoing vulnerability scans that will proactively safeguard information moving forward and strengthening security posture among all employees and vendors beyond just technology.


Don’t let a ransomware attack almost put you out of business before taking security seriously. The best way to protect your most valuable assets is to invest in IT and partner with a team of experts who have the experience and truly understand what it takes to keep you safe