
How ThreatHunter MDR saved a client’s bacon

We’ve been talking about our new ThreatHunter Managed Detection and Response (MDR) service and how it provides active, always-on threat detection, facilitates response to incidents, and allows for continuous monitoring, but we didn’t figure we’d have a case study to share so soon!

During the week of August 10th, we rolled out this solution as an addition to the layered security approach for a fairly large non-profit in the region that has seven file servers and over 200 desktop and laptop computers spread amongst multiple offices. On the evening of Monday, August 17, our ThreatHunter MDR security solution detected a possible ransomware incident underway in their environment. Our Suite3 on-call technician began initial support at 10:40pm and quickly notified Suite3 staff via our Microsoft Teams communication platform that a ransomware incident was underway. Following incident protocol and process, Suite3 staff worked collaboratively until 4:03am on 8/18 to triage the incident, secure the environment, and begin the recovery process.

In summary, the quick action by Suite3 limited the encryption impact to only three servers and ten PCs. The remainder of the client’s more than 200 devices were unaffected by the attack. Using the Suite3 ProtectSuite Backup and Disaster Recovery Solution, all production environment data that had been encrypted by ransomware was recovered. The result was a recovery turnaround to baseline functionality in less than three business days after the incident without the need to pay a ransom.

In our entire 30-year history, this is only the fourth ransomware incident experienced by any client. Given that, according to a study conducted by Fundera dated 12/31/2019, “50% of small and mid-sized businesses reported suffering at least one cyber-attack in the last year”, we have an incredible track record of prevention. Modern security threats go beyond solutions: have a plan and stick to the plan, maintain a big-picture view, leverage a layered security approach, and follow a process. That will allow you to keep calm and compute on!