Case Study: New England-based Healthcare Provider derails ransomware and slashes incident response time with Attivo Networks' ThreatDefend BOTsink

An Attivo Networks Case Study

Preview of the New England-based Healthcare Providing Company Case Study

Deception Technology Derails Ransomware Attack on Regional Healthcare Provider

New England-based Healthcare Providing Company was hit by a phishing-delivered Locky ransomware strain that encrypted endpoints and network shares and evaded traditional defenses. With limited forensic visibility and a resource-intensive, reactive remediation process, the organization engaged Attivo Networks and its ThreatDefend platform (including the BOTsink malware analysis engine) to gain actionable intelligence and stop recurring infections.

Attivo Networks ran the samples in the BOTsink analysis sandbox to unpack and detonate the malware, capture C&C hosts, mutation behavior and lateral-movement tactics, and produce IOCs. Using those findings, Attivo Networks' solution enabled the customer to block C&C IPs, apply group policies to stop east–west spread, flag file hashes in endpoint controls, and drastically reduce incident response time, preventing wider infection and avoiding ransom payments while improving preparedness for future attacks.

