Case Study: Health Services Provider thwarts ransomware and rapidly quarantines infected hosts with ExtraHop

An ExtraHop Case Study

Preview of the Health Services Provider Case Study

Health Services Provider Thwarts Ransomware Attack with RevealX

A leading health services provider discovered an employee’s slow client machine was actually infected with ransomware that was encrypting local and shared NAS files, putting sensitive, business-critical data at risk. The IT team needed to quickly determine how the infection occurred, what systems and files were impacted, and stop the ransomware before it spread across the environment.

Using the ExtraHop platform to analyze East–West traffic and wire data in real time, the security team traced the infection to a clicked URI, watched file read/write activity as it happened, and quarantined impacted hosts by behavioral patterns rather than signatures. As a result, they rapidly isolated the malicious code, stopped the attack from progressing, created alerts for anomalous file activity, blocked the malicious URI, and now monitor critical file systems to detect and prevent future attacks.

