The Problem
A regional law firm with 40 employees discovered ransomware had encrypted their file server and several workstations early on a Monday morning. Court filings were due that week, and client documents were inaccessible.
What We Did
- Isolated affected systems to prevent further spread
- Identified the ransomware variant and attack vector
- Restored the file server from verified clean backups
- Rebuilt affected workstations from standard images
- Conducted a forensic review to confirm no data exfiltration
The Result
The firm was fully operational by early afternoon the same day. No ransom was paid. No client data was compromised. Court deadlines were met.
Why It Worked
This firm had been a WCI client for several years. We had already implemented a segmented network architecture, automated offsite backups with regular test restores, and an incident response plan. When the attack happened, we executed a plan we had already tested — not one we had to invent on the spot.