Powernode Computer Inc.

Within hours of the initial alert, Synchroworks advised PNC to disconnect internet access, shut down all endpoints, and isolate compromised systems. On-site analysts quickly confirmed that the Trinity Locker Group had deployed ransomware across the environment, verifying full encryption of critical infrastructure including Sage ERP and custom MySQL applications. To support insurance and legal proceedings, Synchroworks preserved the forensic trail by physically isolating systems and collecting digital evidence. Secure, out-of-band communication channels were established using Microsoft 365, enabling coordinated incident response while maintaining business continuity.

Recognizing the opportunity to rebuild from a clean slate, Synchroworks deployed a modern, security-first infrastructure. A Sophos XGS 2100 firewall and Cisco Layer 3 switches were installed to establish a segmented, zero-trust network architecture – limiting lateral movement and reducing exposure. Simultaneously, endpoint protection and endpoint detection and response (EDR) solutions were deployed across all clean workstations and servers. This replaced the previously absent antivirus and malware defenses, creating a unified and proactive security layer throughout the environment.

Although the ransomware did not compromise PNC’s Microsoft 365 tenant, our team conducted a full security audit to eliminate any risk of lateral compromise. This included tenant-wide password resets, enforcement of multi-factor authentication, conditional access policy reviews, and a comprehensive audit of risky sign-ins. To maintain business operations during the rebuild, Synchroworks provisioned a secure SharePoint environment for file collaboration. Cloud-based backups were also implemented to ensure redundancy and support future recovery needs.

PNC’s on-site backups were partially affected. Synchroworks wiped the compromised server and reinstalled a clean operating system, then restored essential business systems using fresh virtual machines. In collaboration with PNC’s Sage partner, the team rebuilt the ERP environment and imported the most recent uncorrupted SQL backups, restoring core functions such as accounting and order management with minimal data loss.

In the weeks that followed, our team implemented a series of long-term security enhancements to strengthen PNC’s cyber resilience:

• A structured patch management plan
• Monthly security reviews
• Endpoint monitoring and alerting
• Security awareness training for staff
• Development of a formal incident response plan and disaster recovery strategy

No malicious callbacks or residual threats were detected following the cutover to the new firewall and EDR systems. The rebuilt environment remained clean and stable throughout post-incident monitoring.

Core business systems, including Sage ERP, SQL databases, and file services, were fully restored within one week. This rapid turnaround minimized disruption to customers and partners and preserved business continuity.

Transparent communication, milestone-driven execution, and clear documentation enabled PNC’s leadership to make timely, informed decisions throughout the crisis.

The new infrastructure featured segmented network architecture, automated cloud backups, and documented incident response playbooks. These upgrades significantly reduced the likelihood and potential impact of future attacks.