Reality Finance

Minimising cyber attack impact through early detection and expert recovery

Industry: Financial Services
ramsac services: totalIT, Secure+ (in progress)

A long-standing partnership with a trusted IT provider

Reality Finance is a leading independent asset finance company that supports UK businesses with tailored funding solutions. They have been a ramsac client for many years, as a totalIT customer, they rely on ramsac to provide fully managed IT support, ongoing technical oversight, and strategic guidance.

A sudden breach with hidden signs

In late May, Reality Finance became the target of a highly coordinated ransomware attack. Unknown to the team, malicious agents had been silently installed across domain controllers and servers, with the goal of full system encryption. James Cashmore, Commercial Director at Reality Finance, recalled,

“The moment we realised something was wrong was when ramsac called to inform us that we had been a victim of cybercrime. This came as a complete shock, as all our systems were still operational, and we had no indication of a problem.”

Thanks to ramsac’s monitoring, the breach was discovered within hours of encryption activity starting. Reflecting on ramsac’s fast detection, James added,

“We considered ourselves very lucky because ramsac caught the issue so early, minimising the initial impact.”

Immediate response and data protection

Within 30 minutes of confirming the threat, ramsac had assembled a dedicated cyber response task force—including technical leads, forensic experts, and client support. They moved quickly to contain the threat, isolate the attack, and protect data. Commenting on the early stages of the incident, James noted,

“We found ramsac’s response during the initial stages of the breach to be outstanding. They not only identified the problem but also quickly initiated our disaster recovery plan, securing most of our data.”

The ramsac team also helped James and his colleagues navigate an Information Commissioner’s Office (ICO) investigation, James continued,

“Their support extended to helping us complete the ICO request. This proactive and comprehensive assistance led to the ICO giving us an all-clear with no further actions, even complimenting the support we received.”

Smooth and confident recovery

Within 24 hours of confirming the breach, ramsac had deployed a clean disaster recovery environment built from pre-infection backups. A secure DR site was spun up, services reconfigured, and strict access controls implemented. During the recovery phase, James shared,

“Working with the ramsac team during the recovery phase was a very positive experience. We felt confident that they had everything under control, largely due to their excellent communication and ongoing support.”

Critical systems were back online within 72 hours, with no reinfection incidents recorded.

Business impact kept to a minimum

Thanks to fast detection and recovery, the business impact was remarkably contained. Although a full-scale encryption event had started, Reality Finance remained operational. On business continuity, James remarked,

“Because the attack was discovered so quickly and disaster recovery was implemented, we were still able to trade. The attackers didn’t have enough time to access our cloud-based CRM, resulting in only 5% of our data being compromised.”

The entire recovery and backup process was completed in about a week.

A cloud-first security shift

In the aftermath, Reality Finance embraced a strategic change in their IT approach. With ramsac’s guidance, they began transitioning fully to the cloud with added layers of security under the secure+ service, which will provide them with 24/7 monitoring and response to suspected breaches that can stop potential cyber-attacks within minutes. This layered approach to cybersecurity is designed to reduce exposure to future risks and support compliance with industry best practices. Reflecting on the company’s evolving strategy, James said,

“Our approach to cybersecurity has significantly changed since the breach. We have taken ramsac’s advice to go fully cloud-based. We recognise that without their timely support, this attack could have potentially put us out of business, underscoring the critical importance of robust cybersecurity measures and expert support.”

ramsac team members 20211019 219797 RT.min

How We Can Help

We’d love to talk to you today about your specific IT requirements, needs, and goals. We’d be happy to offer a no-obligation assessment of your existing IT estate. If you’re undergoing organisational change, nervous about your current security, or just want to make sure your IT investments perform at their best, we’re here to help.

Get in touch

or call us on 01483 412 040

Quiz yourself

Are you more cyber savvy than an 11 year old?

11-14 year olds get asked these questions in school. Could you get these right?

ramsac team members 20211019 219797 RT.min

X