Case Study: Kroll achieves rapid cryptomining attack remediation with Carbon Black

A Cryptomining Attack With an Assist From Advanced Malware Techniques

Kroll helped a healthcare company respond to a cryptomining attack after unusually high network traffic caused downtime at several store locations. Legacy antivirus couldn’t identify the threat, and the ISP revealed the activity was coming from inside the network. Kroll brought in Carbon Black and used CB Response to gain visibility and investigate the infection.

Using Carbon Black, Kroll quickly identified malware, malicious PowerShell activity, and persistence mechanisms, then used CB Live Response to terminate processes and remove the attack across affected systems. With scripting through the CB Live Response API, Kroll remediated the incident across the environment in days, restored network performance, and returned operations to normal.

Kroll