Customer Story

Health Services Provider Thwarts Ransomware Attack with RevealX

A leading health services provider

Download customer story

Rapidly isolated the source of malicious code in an ongoing ransomware attack

Quickly quarantined impacted resources and stopped the attack before it could spread further

Created alerts on the file extension to rapidly detect and prevent future attacks

Schedule a Demo

The CHALLENGE

An employee reported performance issues on his client machine. Upon investigation, the IT department discovered these issues were symptoms of an ongoing ransomware attack.

Today's threat actors are taking advantage of vast attack surfaces that extend across every endpoint, from the branch office to the datacenter or the cloud, and too often they operate unnoticed. At ExtraHop we've spent years developing technology that can analyze the entire network in real time—every critical asset and every transaction—so that there are no blind spots.

Jesse Rothstein Co-Founder, ExtraHop

The Technology Environment

Vital network-attached storage (NAS) resources that malicious actors were attempting to access and encrypt as part of a ransomware attack.

WHY REVEALX

Why the Health Services Provider Chose RevealX

Real-time insight from the network to the machine

Using ExtraHop to monitor and analyze east-west traffic, the IT team was able to monitor the client machine and watch, in real-time, each file that the ransomware was reading before quickly isolating impacted assets and stopping the attack from progressing.

The organization was already using RevealX for network performance monitoring

The Outcome

Stopping Ransomware in Its Tracks

Smarter investigations uncover root cause

Using the look-back functionality in the ExtraHop Discover appliance, the security team was able to investigate the employee's activity on his machine, determining that the ransomware came not from a PDF or executable file the user had intentionally downloaded, but from a URI on which the employee had clicked.

Security inside the perimeter

Real-time insight into east-west traffic empowers IT and security to detect and track anomalous behavior—like unusual NAS activity—through the entire application delivery chain so they can stop potential breaches in their tracks.

Proactive quarantine and alerting

Using the ExtraHop ransomware bundle, the organization's information security team identified that the malicious file had an unexpected extension and searched for it across the entire infrastructure. This allowed them to quickly identify and isolate compromised systems, as well as create alerts for instances of that file extension moving forward.

Keep exploring

All customer stories

Is RevealX right for you?

Schedule a demo Contact us

Products

What will your story be?

Security

Network Detection & Response (NDR)

RevealX NDR

Use the power of network visibility and AI for real-time detection, rapid investigation, and intelligent response for any threat.

Product overview

View capabilities

Performance

Network Performance Monitoring (NPM)

RevealX NPM

Use network data and machine learning to identify network and application performance issues and expedite time to response.

Product overview

RevealX platform

Deployment

Integrations

Experience NDR

Capabilities

FAQs

Intrusion Detection System

Forensics

Experience NPM

Capabilities

FAQs

Forensics

Solutions

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Operational Resilience

Troubleshooting and Resolution

Cloud Migration

Cloud Workload Monitoring

Network Forensics

Zero Trust

Multicloud & Hybrid Cloud Security

XDR Strategy

SOC Modernization

Digital Transformation

Financial Services

Education

Public Sector

Federal Civilian Agencies

Defense and Intelligence

State and Local Government

Why ExtraHop

Customer Stories

News

Careers

Technology Partners

Channel Partners

Managed Service Providers

Service Credits

Resident Experts

Deployments

Customer Community

Technical Support

Education Services

C-Level

Security Threats

Company

Products

How-To

NDR

NPM

Ransomware

Zero Trust

Reports

Demos & Videos

Customer Stories

Webinars

Papers & E-books

Data Sheets

Experience NDR

Capabilities

FAQs

Intrusion Detection System

Forensics

Experience NPM

Capabilities

FAQs

Forensics

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Operational Resilience

Troubleshooting and Resolution