Case Study – 24/7 Cyber Protection – Why Huntress?

Here at Netserve we recently reviewed our cyber security offerings and proudly partnered with Huntress Labs, allowing us to offer a human-powered 24/7 EDR (Endpoint Detection & Response) security solution. Below is a real-world example of the product in action…

Recently we received both a phone call and a text message with a critical alert from Huntress, informing us that one of our endpoints (someone’s computer) had been infected with malware. The tool automatically isolated this machine from the rest of the network to prevent the incident from spreading to other PCs.

The tool analysed the infection to establish to what extent the malware had infected the machine and where it originated from, and provided us with the recommended remediation steps it wanted to take. Below are images of how this incident appeared within our management portal and the text that was sent to us:

This allowed us to act quickly to ensure the correct steps were taken to protect this business. We arranged for a technician to collect the machine from the customer site. With any malware infection there may be unknown malicious processes, files, or other changes made to the host that remain undetected after initial isolation and remediation, so we always restore from a known good backup or complete a clean OS install to ensure the issue is entirely rectified.

After we had completed this, we used the wealth of information available to us within the Huntress portal to discover how this infection occurred – via a Zip file that had been downloaded from the internet in good faith. This Zip file, if successful, would have installed a tool used to deploy ransomware – malicious software that encrypts your business's data and holds it to ransom for huge sums of money.

We hope this case study evidences that malware infections are a high-risk threat to businesses, but avoidable with the proper security precautions in place. If you are not confident in your current IT cyber security, please get in touch with the Netserve team on 02380 000 999 or by email at [email protected]