In May 2015, a Texas surgical center discovered a virus spreading rapidly through its network and making each file unreadable. The healthcare provider worked with GCS Technologies to contain and eliminate the virus, bringing users back online quickly.

The Challenge

A Texas surgical center, which has over 100 employees and a dedicated IT administrator, identified a threat that quickly spread throughout its network. An employee inadvertently clicked on a compromised email that appeared to be from an internal employee at the company. When the user attempted to open an attachment, they gave access to a variant of the widespread CryptoLocker virus that affected thousands of organizations between 2013 and 2015.

CryptoLocker and its variants target users running the Windows operating system and gain access through infected email attachments that appear to be from legitimate email addresses. Known as “ransomware”, the virus locks users out of their own files and quickly spreads across the organization’s network.

The healthcare provider needed a quick response to ensure that the initial threat would be contained without affecting the larger network. If the virus continued to spread across the network, users would suffer significant downtime as well as data loss for each employee.

Our Solution

After the threat was originally identified, the network administrator engaged the GCS Network Operations Center team for assistance in neutralizing the threat. GCS Tier III escalation services allowed the organization direct access to an advanced support team, ensuring the best security experts were there to mitigate the effects of the virus attack.

Within an hour, the network was completely scanned to survey the damage, and GCS technicians were able to identify the infected components. Infection points were traced to identify “patient zero”. By shutting the network down quickly, the spread of the virus was limited before it potentially exposed sensitive information.

Within a few hours, the scans were completed and the restoration process was put into effect.

Results

GCS was able to clean the infected system and keep the surgical center’s sensitive data safe within 24 hours.

The restoration process included evaluating recovery options, such as examining the current backup solution and identifying the appropriate recovery date. Fortunately, in recent months, GCS and the provider had agreed upon a premium backup and disaster recovery (BDR) solution. While many solutions perform snapshots daily or weekly, the organization opted for a solution that created hourly snapshots, which allowed the surgical center to retain nearly all data during the threat.

GCS technicians tested and verified the impacted data to ensure no contaminated files would be sent back into the network. The network lockdown was removed, allowing users access to their files and restoring full functionality across the organization.