I know of a similarly situated company that failed to survive an undeterred cyber attack. Such inconveniences aside, for the hospital preventing the ransomware infection was much preferable to having to recover from one. Indeed, even after our team had tested and rolled out a new endpoint protection system for the hospital, compliance with HIPAA required its lawyers to run full-disk forensics on dozens of hospital workstations, consuming essentially 9 months of work. Had the executive hesitated in alerting us, the consequences for his company might have been devastating, especially considering that ransomware is considered a HIPAA violation and companies are fined heavily for such violations. They were unknown ransomware actors, operating out of South America, and we had them roped off before they could access or encrypt any of the hospital’s files or backups. I advised a temporary Internet shutdown and deployed Symantec’s cloud-based, AI-enhanced Symantec Endpoint Protection 15, which quickly and easily located the threat actors’ command and control servers. In this instance, however-and in large part because the executive reached out to our incident response team right away-we succeeded in thwarting the attack while it was underway. Less than a week earlier, I’d seen a half-dozen companies in different industries fall victim to ransomware files consisting of the same four letters. He told me the file name and my heart sank. Symantec Endpoint Protection (SEP) and his internal team had flagged as suspicious some data that was marked with a four-letter file name, he explained, and multiple attempts to scrub it had failed. Early this year, when an executive at a hospital called our Incident Response (IR) team, he had yet to realize that his organization was confronting an active ransomware attack.
0 kommentar(er)
