Monday, May 29, 2023

How a Rapid Response Helped Thwart an Active Ransomware Attack

Early this year, when an executive at a hospital called our Incident Response (IR) team, he had yet to realize that his organization was confronting an active ransomware attack. Symantec Endpoint Protection (SEP) and his internal team had flagged as suspicious some data that was marked with a four-letter file name, he explained, and multiple attempts to scrub it had failed.

He told me the file name and my heart sank. Less than a week earlier, I’d seen a half-dozen companies in different industries fall victim to ransomware files consisting of the same four letters. In this instance, however—and in large part because the executive reached out to our incident response team right away—we succeeded in thwarting the attack while it was underway.

I advised a temporary Internet shutdown and deployed Symantec Endpoint Protection 15 to locate the threat actors’ command and control servers. They were unknown ransomware actors, operating out of South America, and we had them roped off before they could access or encrypt any of the hospital’s files or backups. Had the executive hesitated in alerting us, the consequences for his company might have been devastating, especially considering that ransomware is considered a HIPAA violation and companies are fined heavily for such violations.

Read more at Symantec

Homeland Security Today (http://www.hstoday.us)
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
