Case Study: a leading health services provider thwarts ransomware with ExtraHop

a leading health services provider stops ransomware in 10 minutes with ExtraHop

A leading health services provider faced a significant challenge when an employee's machine was infected with ransomware, which began encrypting files on local and network-attached storage. The organization needed to quickly understand the scope of the infection, identify impacted systems, and prevent a widespread attack. They turned to their existing deployment of the ExtraHop platform to gain visibility into the threat.

Using ExtraHop to monitor east-west traffic, the IT and security teams were able to analyze the ransomware's behavior in real-time, rapidly isolating infected hosts and stopping the attack from spreading. The solution enabled them to trace the infection back to a malicious URI and proactively quarantine other machines that had accessed it. As a result, the health services provider contained the threat, prevented a catastrophic data hostage situation, and implemented new alerts for anomalous file activity to detect future attacks. ExtraHop provided the critical visibility needed for a rapid response.