Status: ACTIVE
Malware family: Ryuk
Severity: HIGH
Triggered by: Endpoint Behavioral Guard
Trigger: c:\windows\system32\dllhost.exe
Protection name: ransomware.win.honey
Remote user: dave
ATTACK STATS
What sort of connections and processes were involved?
Remote Logon
Internal
1 Malicious Processes
ENTRY POINT
How did it enter the system?
dave was remotely logged in via RDP. Incident started with network access in chrome.exe
BUSINESS IMPACT
What was the potential damage done?
6 Credential Theft
35 Data Changes
1929 Data Loss
1 Privacy Violation
REMEDIATION
Were all incident created elements removed?
98% (675/685) terminated processes
0% (0/6) quarantined/deleted files