“Dennis, This is The Big One.”
OVERVIEW
On September 9th, 2023, at about 0500, our organization was hit with a ransomware attack that impacted every level of our operation. The title refers to my first phone call to my boss that morning. We are a manufacturing company that operates around the clock, with on-prem, computer-based workloads running on nearly 1000 computers. Our small team of 5 sprang into action and restored or rebuilt nearly 800 objects in 7 facilities and two countries in less than 48 hours while also discovering and removing the threat actor’s point of entry. This talk will focus on what happened and what we learned, but also on how the dynamics of the team came together to achieve a speedy recovery, from the blind luck of having recently finished an upgrade to immutable on-site backups to embracing the brilliance of the autodidact on our team and trusting their instincts about when to escape the established plan. I believe other organizations, especially those with the resource constraints many manufacturing companies face, can benefit from hearing our story.