Ransomware Recovery

AirGap Labs

IT Infrastructure & Security | Fortinet Engage Preferred Partner

CASE STUDY

Ransomware Recovery

Response Helps Large Planned Community Recover from Ransomware

Client

Large planned community (anonymized) — featured in CNN and major media outlets

Sector

Residential community / property management

Partners

FortiGuard Incident Response, FBI, U.S. Dept. of Homeland Security, OC Cybersecurity Awareness Group

Solution

FortiEDR — endpoint detection & response

The Challenge

A large planned residential community suffered a ransomware attack that threatened both operational continuity and the personal data of thousands of residents. With critical infrastructure compromised and the clock running, the community needed immediate incident response expertise — not a help desk ticket.

The attack required a coordinated response across multiple agencies and a technical team capable of identifying, containing, and remediating a live threat while preserving the evidentiary chain required for federal law enforcement involvement.

The Response

AirGap Labs took command of the on-site response immediately, coordinating across a multi-agency task force that included the FortiGuard Incident Response team, the FBI, the U.S. Department of Homeland Security, and the Orange County Cybersecurity Awareness Group.

Immediate Actions

  • FortiEDR deployed within hours. AirGap Labs immediately stood up FortiEDR for its lightweight agent footprint and complete endpoint coverage — including legacy operating systems and IoT devices that traditional EDR solutions routinely miss.
  • Threat actor located and contained. Within hours of the attack, the team had identified the bad actor's locations across the network and built a containment and remediation strategy in coordination with the client.
  • Multi-agency coordination. AirGap Labs served as the technical integration point across all responding agencies, ensuring that investigative requirements (evidence preservation, chain of custody) were maintained alongside the operational priority of restoring services.

Hours

Time to threat containment

4 agencies

Coordinated response partners

CNN

Featured in major media outlets

Long-term

Managed services partnership

Outcome

  • The community recovered from the ransomware attack with AirGap Labs managing containment, remediation, and restoration across a complex, multi-vendor environment.
  • AirGap Labs transitioned into the long-term managed services partner for the community — now managing the full infrastructure through the tight integration of solutions across the Fortinet Security Fabric.
  • The success story was featured anonymously in major media outlets including CNN, recognized as a model for rapid ransomware response and multi-agency coordination.
  • All work was conducted as privileged legal work product, protecting the client's interests throughout the federal investigation.

Key Capabilities Demonstrated

IR Expertise

Multi-agency incident command and FortiGuard IR coordination

Fast Recovery

Threat identified and contained within hours of the attack

Full-Stack Support

Coverage across modern, legacy, and IoT endpoints via FortiEDR

Legal Work Product

Privileged engagement protecting client interests during federal investigation

Full Case Study

The complete case study — including detailed technical findings and remediation steps — is available as a PDF. Download the case study (PDF)

AirGap Labs  •  Irvine, CA  •  airgaplabs.com

Back to blog