
Battle of the Week - Virtual Machine Ransomware

The Battleground:

A Company's Network.

The Presumption:  

A Security Operations Center (SOC) monitors your network to help prevent unwanted access to it.

The Discovery:  

The Company contacted InfusionPoints to report that a Virtual Machine (VM) they were using had been infected with ransomware. InfusionPoints was not monitoring traffic for this VM and was therefore unaware of the activity. After reviewing the VM in a controlled environment, the initial cause of the ransomware infection remained unknown, as did how long the malicious user had access to the VM. Luckily, the malicious user was only able to encrypt the VM and no other machines on the network.

Our Solution:  

Enable monitoring on all major devices that are crucial to the company's network. The more devices being monitored, the more data the SOC can analyze for malicious activity.

Lessons Learned: 

Always be certain about what is and is not allowed through the endpoints on the network. Make sure everything is documented and that new devices follow the same standards.
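The gap in this incident was a documented host that was not sending telemetry to the SOC. The following script, added here as an example and not part of InfusionPoints' tooling, compares an asset inventory against the SIEM's last-seen times per log source and reports both silent or never-reporting hosts and undocumented hosts that are sending logs. The hostnames, timestamps and the 24-hour silence threshold are constructed sample values.

```python
from datetime import datetime, timedelta

# Constructed sample asset inventory (hypothetical hostnames): host -> type.
ASSET_INVENTORY = {
    "fileserver01": "server",
    "vm-finance-app": "virtual machine",
    "vm-legacy-db": "virtual machine",
    "wks-hr-04": "workstation",
}

# Constructed sample of the SIEM's log-source table: last event seen per host.
# wks-hr-04 has never reported; vm-temp-build reports but is not documented.
SIEM_LAST_SEEN = {
    "fileserver01": datetime(2024, 5, 1, 10, 0),
    "vm-finance-app": datetime(2024, 5, 1, 9, 45),
    "vm-legacy-db": datetime(2024, 3, 12, 8, 0),   # went silent weeks ago
    "vm-temp-build": datetime(2024, 5, 1, 11, 30),
}

# Fixed "current time" for the sample so the report is reproducible.
NOW = datetime(2024, 5, 1, 12, 0)


def find_coverage_gaps(inventory, last_seen, now, max_silence=timedelta(hours=24)):
    """Return documented hosts that are not currently delivering telemetry.

    A host is a gap if the SIEM has never seen it, or if its last event is
    older than max_silence. Result: host -> (asset type, reason).
    """
    gaps = {}
    for host, kind in inventory.items():
        seen = last_seen.get(host)
        if seen is None:
            gaps[host] = (kind, "never reported")
        elif now - seen > max_silence:
            gaps[host] = (kind, f"silent for {(now - seen).days} days")
    return gaps


def find_undocumented_sources(inventory, last_seen):
    """Return hosts sending logs that are missing from the inventory."""
    return sorted(set(last_seen) - set(inventory))


if __name__ == "__main__":
    for host, (kind, reason) in find_coverage_gaps(ASSET_INVENTORY, SIEM_LAST_SEEN, NOW).items():
        print(f"COVERAGE GAP: {host} ({kind}): {reason}")
    for host in find_undocumented_sources(ASSET_INVENTORY, SIEM_LAST_SEEN):
        print(f"UNDOCUMENTED SOURCE: {host} is sending logs but is not in the inventory")
```

Run the same comparison on a schedule against the real inventory and SIEM source list; a VM that drops out of either report is the situation described above.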