Case Study: Leading Health Services Provider Thwarts Ransomware and Rapidly Quarantines Infected Hosts with ExtraHop

An ExtraHop Case Study

Preview of the Health Services Providing Company Case Study

Leading Health Services Provider Thwarts Ransomware Attack with ExtraHop

A large health services provider discovered that an employee’s slow client machine was actually infected with ransomware that was encrypting local and shared NAS files, threatening to hold sensitive, business‑critical data hostage. The IT team needed to quickly determine how the infection began and what files and systems were impacted, and to stop the malware before it spread across the environment.

Using the ExtraHop platform to monitor East‑West traffic and analyze file behavior in real time, the security team traced the infection to a malicious URI, tracked the ransomware’s reads/writes, and quarantined affected hosts—using pattern‑based behavioral analysis rather than signatures. The organization rapidly isolated the source, stopped the attack from progressing, created alerts for anomalous file activity, blocked the malicious URI, and now continuously monitors critical file systems while expanding ExtraHop for proactive security analytics.

