Communications & Power Industries (CPI), a major electronics manufacturer for defense contracts, has confirmed that it was the victim of a ransomware attack. The company fell victim to ransomware in mid-January and opted to pay the ransom of $500,000, but has yet to return to being fully operational. According to a source with knowledge of the incident, attackers gained access to CPI’s system when a user with domain administrator-level access to CPI’s network clicked a malicious link in a phishing email on their work computer. Thousands of CPI’s computers were located on the same unsegmented domain, which allowed the ransomware to spread quickly to every CPI office and affected on-site backups of CPI’s systems. While CPI has been able to recover many computers using the decryption key provided after paying the ransom, there are still a number of computers that have yet to be recovered. Roughly 150 of CPI’s computers were still running Windows XP, which is no longer supported by Microsoft.