How Cytek saved a dental surgery practice threatened by data extraction, thanks to the 24/7 vigilance of ĢTV
It was 3:30am, Sunday, December 11, 2023, and the Cytek team received an alert that could have spelled disaster. ĢTV’ Security Operations Center (SOC) had detected ransomware on a client server. Jessica Payne, Cytek’s cybersecurity operations manager, recalls the moment when the potential crisis unfolded.
“I woke up an hour later and just so happened to look at my phone. I saw ĢTV’ email and I couldn’t believe it - this was significant. The worry set in.”
However, that worry was short-lived. ĢTV had already isolated the server, preventing the ransomware from spreading further. “It was stopped as quickly as it started,” notes Payne. “Between the timespan of receiving the alert and isolating the server, we were only looking at two to three major machines affected. Those machines did not all have ĢTV deployed.”
With ĢTV in their corner, Cytek swiftly took action.
“All in all, we were completely resolved by December 19,” remembers Payne. “Thankfully, we had good backups, and that helped us get the client back up and running the following day—allowing our focus to shift to forensics on the impacted servers.”
By deploying ĢTV agents on all workstations, the Cytek team gained valuable insights into what processes were running.
“We started isolating every single computer in the office via the ĢTV agent,” Payne explains. “We went through each machine, one by one, and ultimately found out that there was a script running in the registry, which the ĢTV SOC worked with us to remediate.”