Leveraging the Right Team’s Expertise to Address Ransomware Attack

Banijay Benelux—an Amsterdam-based company founded in 2020 and part of the Banijay Group television production and distribution business—develops sports programs, reality shows, and dramas such as Big Brother, Expeditie Robinson, and Penoza. It relies on AWS to support human resources, invoicing, and other business-critical tasks.

In early November 2020, Leon Backbier, manager of IT for Banijay Benelux, was awakened by a pre-dawn phone call from a colleague in the UK: a ransomware attack was targeting the company’s cloud infrastructure. Backbier and his team contacted long-term AWS Partner Trend Micro, which at the time managed on-site endpoints—but not cloud—security for Banijay Benelux, and asked for help.

Trend Micro quickly began working to minimize the attack’s scope, strengthen the company’s cloud security, and remediate and rebuild the affected servers. Over the next few months, Trend Micro would continue to monitor Banijay Benelux’s AWS infrastructure for additional threats, while also restoring the damaged infrastructure. Today, it provides the company with 24/7 managed cloud security.

Essential Systems Restored Within 3-4 Days

Banijay Benelux refused to pay the attackers’ ransom and Backbier’s team members found that every server they tried to access was immediately encrypted. Within hours, Trend Micro was working to mitigate damage.

Trend Micro started by examining traffic logs and installing hardware to secure the company’s network. It also installed monitoring software to track activity across Banijay Benelux’s AWS environment, which included over 20 servers. “They instantly had the right tools to protect and to monitor specific areas,” says Backbier. “To do that without affecting performance or creating downtime was really impressive.”

Next, Trend Micro began working to rebuild the handful of servers that had been damaged by the ransomware. The first step was to use a script that automatically installed Trend Cloud One—a cloud security platform created specifically for those building on AWS—the moment the team spun up a new instance of Amazon Elastic Compute Cloud (Amazon EC2) to replace a damaged server. This allowed Banijay Benelux to restore essential business systems within a few days of the attack. “In 3–4 days, we had the most vital systems running so we were able to access our bookkeeping,” says Backbier. “We could pay salaries again.”

Trend Micro also searched the dark web for efforts to sell data stolen from the company. Fortunately, Banijay Benelux was able to secure its systems before losing any sensitive personal or confidential data that might have led to fines for violating the European Union’s General Data Protection Regulation (GDPR).

Despite having to work remotely because of the COVID-19 pandemic, the Trend Micro team met with Banijay Benelux three times a day to keep the company up to date on monitoring and recovery efforts. The security company also conducted an ongoing search for suspicious traffic to ensure that the hackers were no longer lurking.

Getting everything back to normal again took about 3 months. “We have production companies that organize a lot on Excel sheets and paper and that wasn’t affected that much,” Backbier says. “We lost the system where we do workflow for the invoices, so we had to do that by hand just to be able to pay creditors.”

Banijay Benelux had been in the process of implementing a new invoicing system at the time, so it accelerated that project rather than trying to rebuild the old system. As the weeks passed, the company gradually grew more confident that the hackers no longer had access to its infrastructure. “I felt completely confident after Christmas time—that gave me the feeling that we were in a good place,” Backbier recalls. Today, he adds, “I’m feeling quite confident. I’m sleeping well every night again, because Trend Micro is watching over us. I can have an 8-hour sleep again.”

By this point, Banijay Benelux had begun talking with Trend Micro about providing ongoing managed security services for its cloud infrastructure. “My IT team is rather small,” says Backbier. “You can’t have all the expertise compared to a company like Trend Micro. That’s its core business.”

Response Was the ‘Ultimate Proof of Concept’

Although organizations share a security responsibility in the cloud, they often require support to deliver it. As an AWS Level 1 Managed Security Service Provider (MSSP), Trend Micro has demonstrated the capacity to augment security teams’ resources with 24/7/365 managed detection, response, and support through its cloud security and XDR solutions and service teams. Today, Banijay Benelux has added confidence around its cloud security, thanks to Trend Micro’s 24/7 monitoring. It also knows that it has a partner that can jump in quickly to solve problems if a security incident develops. “I think what the hack proved was that they really can do what they promise—that gave me the feeling we made the right choice,” says Backbier. “That was the ultimate proof of concept for me.”

The ransomware incident also increased awareness at the company’s leadership level about the value of managed security. Now that it has a single dashboard to monitor security across its IT infrastructure, Banijay Benelux has deep and continual insights into its risk profile. “Security is high on everybody’s agenda,” says Backbier. “And that’s good.”