DEV Community

Mark0

When the SOC Goes to Deadwood: A Night to Remember 

During the Wild West Hackin’ Fest in Deadwood, South Dakota, the BHIS SOC team transitioned from a company dinner into an intense 14-hour incident response operation. The incident involved a live ransomware attack triggered by suboptimal EDR configurations that allowed attackers to begin deleting VSS shadow copies and encrypting files in a customer environment.

The response highlighted the effectiveness of the BHIS collaborative SOC model, as analysts, detection engineers, and incident responders worked in unison to remove alert exclusions and contain the threat in real time. By morning, the team had successfully prevented the ransomware from reaching critical backups, showcasing the necessity of end-to-end investigation ownership and rapid communication during high-stakes cybersecurity events.

