Global Healthcare Company Swiftly Recovers From Ransomware with Unit 42

After detecting suspicious activity and ultimately encountering an encryption event, the client engaged Unit 42® for incident command, investigation and recovery efforts.

Results
<1 Day

Deployed Cortex XDR®, expanding visibility and protection to 35K+ endpoints globally

<24 Hours

Within hours of deploying Cortex XDR, Unit 42 identified patient zero (P0) and traced the initial infection vector

<48 Hours

Restored mission-critical operations under Unit 42’s expert guidance and protective framework

The Client

A Global 2000 healthcare provider serving patients in centers around the world

The Challenge

A ransomware attack crippled a multinational healthcare company’s network, leading to the encryption of its virtual servers and exfiltration of data. There was an urgency to get critical, life-saving applications up and running as soon as possible. With Unit 42 on retainer, experts stepped in immediately to help:

  • Lead recovery efforts and manage multiple workstreams, including incident command and investigation.
  • Manage the crucial restoration and recovery process.
  • Strengthen the client’s security posture through platformization of its tool set, using Prisma® Access, NGFW and Cortex XDR to protect nearly 100K endpoints.

Unit 42’s Rigorous Incident Response Approach for Superior Outcomes

Assess

The initial assessment using the client’s security tool console and logs revealed suspicious activity.

Investigate

With Cortex XDR deployed, Unit 42 uncovered the initial infection vector and the full extent of attacker activity.

Secure

The global XDR rollout contained threats, fortified systems and enabled 24/7 protection through Unit 42 MDR.

Recover

Unit 42 led recovery efforts and restored near-normal operations in just three weeks.

Transform

Unit 42 also uncovered key security gaps leading to the adoption of MDR, Prisma® Access and Cortex XSIAM® for lasting protection.

"After the Unit 42 team's exceptional response during the incident, Palo Alto Networks has officially distinguished themselves as the top security partner in our eyes."

– CIO, Healthcare Company


Resolution Timeline

Each phase below lists activities across the Assess, Investigate, Secure, Recover and Transform workstreams.

Days 0 - 4: Crisis Management

  • Assess: Ransomware impact identified at two key sites. Review of logs reveals suspicious activity.
  • Investigate: Threat hunting efforts identify path of attacker. Remote access and credential access identified.
  • Secure: Cortex XDR deployed to systems at impacted sites to contain attackers.
  • Recover: Recovery experts deployed to impacted locations and critical applications restored. Resumed critical business operations within 24 hours.

Days 5 - 7: Restoration

  • Assess: Full scope of impact identified. Recovery and restoration strategy established.
  • Investigate: Initial point of access identified and entry vector contained. Evidence of data exfiltration identified.
  • Secure: Deployed Cortex XDR globally, hardened systems, identified and blocked IoCs and began 24/7 threat monitoring with Unit 42 MDR.
  • Recover: Built and deployed new systems to replace encrypted systems.

Days 8 - 14+: Hardening

  • Investigate: Comprehensive understanding of threat actor activity using Cortex XDR.
  • Secure: Audit and hardening of IAM environment. Global review and hardening of firewalls begin.
  • Recover: Restoration of secure remote access for global workforce.
  • Transform: Investigative efforts identified gaps in network, identity, endpoint and security operations.

Days 15 - 45+: Fortification

  • Secure: Maintained threat-free environment with Unit 42 MDR. Attack Surface Assessment conducted to address external vulnerabilities.
  • Recover: Normal operations ensue.
  • Transform: Presented Security Blueprint outlining security transformation strategy and performed security design review and assessment.


Threat-Informed Incident Response

With Unit 42 Incident Response, stay ahead of threats and out of the news. Investigate, contain and recover from incidents faster and emerge stronger than ever before, backed by the full power of the world’s leading cybersecurity company. Contact us to gain peace of mind.

Backed by Industry’s Best

  • Threat Intel

    Extensive telemetry and intelligence for accelerated investigation and remediation.

  • Technology

    Palo Alto Networks platform for in-depth visibility to find, contain and eliminate threats faster, with limited disruption.

  • Experience

    Trusted experts who mobilize quickly and act decisively in over 1K incidents per year.