Sign in to unlock valuable content and features from our AI-driven platform. Receive timely technology updates and the latest information from the solution providers who can help you realize your goals.
Start your journey by entering your name and email address below:
Please confirm your email address!
We are going to send a confirmation email to your email address to let you receive timely technology updates and the latest information from the solution providers who can help you realize your goals.
Please describe the problem you are trying to solve.
You are using an AI that may or may not be fully capable of answering every question correctly.
Loading
eSentire 24-7 SOC Cyber Analysts in Action
Cyber threats don't operate on a schedule, and businesses need security that works around the clock. Without continuous monitoring and expert-led threat response, organizations are left vulnerable to attacks that can cause financial and reputational damage. The eSentire 24/7 SOC Cyber Analysts in Action video provides an inside look at how eSentire's elite cybersecurity experts detect, investigate, and contain threats in real time. Watch the video now to see how a dedicated SOC team protects businesses from evolving threats. For a personalized security consultation, contact HG Consulting today.
Frequently Asked Questions
How was the ransomware attack initially detected?
The ransomware attack was first detected by the Managed Detection and Response (MDR) for endpoint using a detection rule that had been deployed several months earlier. This rule specifically looked for the BestCrypt utility being copied onto machines in a suspicious manner, which indicated the activity of a known ransomware actor.
What actions were taken during the incident response?
Once the attack was confirmed, the incident was escalated to the incident handling team. They quickly scoped the intrusion, identifying the adversary's activity across more than 250 workstations and servers. The team blocked the BestCrypt executable across all endpoints and isolated impacted systems to maintain connectivity while denying the attacker access. They also communicated with the customer to keep them informed throughout the process.
How did the team manage the BitLocker encryption issue?
The team discovered that the attackers had configured BitLocker in a way that would complicate recovery after a restart. However, they managed to cancel the restart command that would have initiated the encryption, effectively reversing the BitLocker encryption process. This timely intervention allowed them to prevent significant data loss across the impacted hosts.
Sign in with LinkedIn