How Ring Power Partnered With Tanium on Ransomware Recovery

It’s the worst nightmare of any IT professional: an early morning phone call telling you the organization has just been locked down by ransomware. It’s also a scenario that’s become increasingly common over the past year.

By some estimates, there’s one new ransomware victim every 11 seconds in 2021. It’s exactly what happened to Kevin Bush, VP of Information Technology at heavy-equipment dealer Ring Power Corp.

Fortunately, Tanium was able to provide the visibility and capabilities Ring Power needed to execute a rapid ransomware recovery. And now the dust has settled, Tanium is also helping to enhance cyber hygiene at the company to help minimize the chances of a repeat event.

In this “To the Point” interview, Ring Power’s Kevin Bush shares first-hand what happened during and after the ransomware attack.

What happened to Ring Power

Ring Power is a 60-year-old Florida-headquartered provider of Cat equipment for customers in utilities, construction, logistics and a range of other sectors. Like many other businesses, its success marked it out for the unwanted extra attention of cybercriminals. In the end, it took just one phishing email and one misplaced click from a single employee to let the bad guys in.

When the 4 a.m. call woke Bush, he immediately knew something was wrong.

“It was my biggest fear, leading an IT department for a large company. The one thing you don’t want to hear is ‘everything is down’— much less ‘and they’re holding it to ransom’,” he says. “So, I got in the shower, I got in the office, and we began detaching everything from the network, making sure everything was secure. Then we had to figure out how to recover.”

The good news is that Ring Power was in the process of implementing Tanium when the incident struck. It provided Bush and his team with “excellent” visibility into the endpoint estate, enabling them to determine the scale of the recovery challenge ahead.

Tanium agents then helped Ring Power accelerate recovery by reimaging impacted endpoints and allowing end users without admin privileges to install the apps they needed on their machines.
The result: it took just 14 days from the initial compromise for Ring Power to fully recover its systems and data from backup. A reassuring call from the FBI told Bush all he needed to know: “You’re good to go.”

Forward with Tanium

He says air-gapped backups were a key factor in helping the firm to mitigate the worst aspects of the attack. But praise also goes to Tanium — with which Ring Power has now expanded its partnership.

“We previously had visibility with Tanium, but we hadn’t done much about it,” Bush says. “Now we’ve moved away from Windows Server patching to the Tanium platform, which is making me feel a whole lot better.”

In practice, this means Ring Power now has comprehensive control over its endpoints — including those belonging to field workers, which the firm was previously unable to patch for months at a time.

An effective patch management strategy like this is a foundational step towards best practice cybersecurity. It helps deliver the kind of cyber resilience Ring Power and its peers need as they face a mounting threat from anonymous adversaries.

---

Learn how to manage and configure your entire IT estate in real time with Tanium’s Client Management solution.