When our client alerted us to the attack, the first step was to isolate the complete network in order to contain the problem. Every device was disconnected, including PCs, servers, routers, and of course printers.
We then tested each device for malware in isolation and only reconnected each device to the network once we were sure it was safe.
Working with the suppliers of our client’s printers and multi-function devices (MFDs) to confirm that these devices were free from malware, we devised a cyber defence strategy that minimised the risk from future cyber threats.
ASL recommended the use of an isolated printer VLAN to create a secure printing infrastructure that would help protect the corporate network against future attacks. Configuring the network in this way prevents print devices from having any direct access to the internet or any other network device.
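One way to check that inter-VLAN firewall rules actually deliver this isolation is sketched below. This is an added example, not ASL's or the client's configuration. The addressing plan, the first-match rule format, the print server and its ports (9100 raw printing, 631 IPP) are all assumptions made for illustration.

```python
import ipaddress

# Ordered inter-VLAN rules: (action, source, destination, dest port or None = any).
# All addresses are constructed: 10.0.50.0/24 is the assumed printer VLAN,
# 10.0.20.5 an assumed print server, 10.0.10.25 an assumed workstation.
WEAK_RULES = [
    ("allow", "10.0.0.0/8", "0.0.0.0/0", None),        # flat "inside may go anywhere"
]
HARDENED_RULES = [
    ("allow", "10.0.20.5/32", "10.0.50.0/24", 9100),   # print server -> printers (raw)
    ("allow", "10.0.20.5/32", "10.0.50.0/24", 631),    # print server -> printers (IPP)
    ("deny",  "10.0.50.0/24", "0.0.0.0/0", None),      # printers initiate nothing
    ("deny",  "0.0.0.0/0", "10.0.50.0/24", None),      # nothing else reaches printers
    ("allow", "10.0.0.0/8", "0.0.0.0/0", None),        # rest of the corporate network
]

# Constructed probe flows and the verdict an isolated printer VLAN should give.
PROBES = [
    ("10.0.50.11", "203.0.113.10", 443, "deny"),   # printer -> internet
    ("10.0.50.11", "10.0.10.25", 445, "deny"),     # printer -> workstation
    ("10.0.10.25", "10.0.50.11", 9100, "deny"),    # workstation -> printer, bypassing server
    ("10.0.20.5", "10.0.50.11", 9100, "allow"),    # print server -> printer
]

def decide(rules, src, dst, port):
    """Evaluate one new connection: first matching rule wins, no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst, rule_port in rules:
        if (s in ipaddress.ip_network(rule_src)
                and d in ipaddress.ip_network(rule_dst)
                and rule_port in (None, port)):
            return action
    return "deny"

def audit(rules):
    """Return the probe flows whose verdict differs from the isolation policy."""
    findings = []
    for src, dst, port, expected in PROBES:
        actual = decide(rules, src, dst, port)
        if actual != expected:
            findings.append((src, dst, port, expected, actual))
    return findings

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules))
```

The model covers only connections that cross the firewall. Return traffic is assumed to be handled by connection tracking, and traffic between devices inside the printer VLAN is out of scope.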
While implementing these network changes, other security measures were put in place. For example, the ‘secure release’ feature ensures that print jobs are only released when the user is next to the printer. This approach ensures confidential documents are only picked up by the people who printed them and eliminates the waste that results from jobs printed but never collected.
Using a process called ‘host hardening’, we carefully configured the settings on each MFD.
The entire clean-up operation, including the introduction of extra security measures and the reconfiguration of all their machines, took just one week across all UK sites. Our client’s network infrastructure is now configured as securely as possible and downtime of their business operations was minimised.