SME Kracht GmbH has come a long way in their 100 years of existence. From their Werdohl site, the mechanical engineering company’s engineers drive innovations with their developments and influence technical revolutions. Their fully automatic logistics centre packed with highly modern machinery is the headquarters from which they produce and sell pumps, fluid measurement, valves, hydraulic drives and customised system solutions to the whole world. All of this is only possible thanks to a stable and secure IT system. This, however, became the target of unknown attackers in February 2022. The perpetrators managed to override the existing very high security standards and encrypt important systems to block them and hence slow down the company’s business. They demanded to be contacted in order to demand money. Kracht, however, did not respond to this instead contacting long-term IT partner Bechtle in order to address the problem both systematically and analytically without wasting too much time.
It was a worst case scenario, as unknown offenders managed to override our sophisticated security systems. The Bechtle forensics team was with us in no time at all, was calm and collected and knew exactly what to do ensuring no knee-jerk decisions were made. We decided not to negotiate with the offenders. Instead, Bechtle repaired the entire system in only a week, which was very impressive.
Peter Schilg, Head of IT, Kracht GmbH
Bechtle’s forensic department is specialised in attacks of this nature. Together with a task force that was formed by Bechtle in no time, the forensics team started work the very same morning at Kracht’s premises. Due to the long-standing customer relationship, Bechtle wass well-versed in the IT infrastructure and Kracht trusted Bechtle’s work, which allowed for top concentration and maximum results. The forensics team made a calm and collected decision to first secure the digital fingerprints for their investigation. It didn’t take long to find out how the cybercriminals managed to break in—a professionally written phishing e-mail created a gap in Kracht’s server structure. In order to restore Kracht’s IT system, the Bechtle forensic team exported and secured all relevant data. The mechanical engineering company was well-prepared for an event like this. There was a physical up-to-date backup that nobody could access from the outside, which was unaffected by the attack. Bechtle has years of experience in rebuilding encrypted systems and abides to an internal emergency plan to do so. Kracht had already disconnected their systems from the net.
Bechtle created a green zone—a clean and closed area where only debugged and trustworthy data are reintegrated—and then secured the exchange mailboxes plus all non-encrypted and user data after a cleaning procedure using the necessary test methods and security tools. In parallel, the experts worked on rebuilding the existing network infrastructure. New Fujitsu servers and storage that had been ordered by chance a few weeks prior had already arrived. Bechtle used them to rebuild the VMware ESX server and the domain structure, installed Exchange and the file server and, in a joint effort with Kracht employees, configured the thin clients via a master image. Using a communication matrix, Bechtle only allowed communication among the internal network zones via required ports. Bechtle reconfigured the Sophos Firewall and Sophos Central used prior to the attack, adjusted the rules and additionally secured the entire environment with Cybereason. This way, Kracht can recognise potential risks in real-time and crack down on them before they escalate. After only seven days of hard work and night shifts, the newly revamped green zone went online. This was followed by the new installation of the Citrix servers for the digital workplace and its security. Finally, Bechtle adapted the entire Microsoft 365 environment to the new conditions—reinstalling Azure Connect, Exchange Hybrid, Intune and Conditional Access and connecting them to the existing server structure.
After the cyberattack, Kracht was able to resume work with a clean IT infrastructure with its usual efficiency within a few days thanks to Bechtle. Internally, Bechtle reviewed Kracht’s entire IT and optimised and secured it according to the latest standards. This way, the mechanical engineering company is well-protected against criminal attacks on its IT. Kracht is still on the lookout as no one is truly safe from cyberattacks—no matter how sophisticated the security measures. With tools like Cybereason, however, Kracht is one step ahead of the attackers.