Cybersecurity pays off. A Michigan company working with Newmind for IT recently had a very close call with a ransomware attack. It was a perfect storm of mistakes which could have led to serious downtime for the business (or millions of dollars in ransom), but we’re relieved to say that an advanced piece of our cybersecurity saved them.
Here’s what happened:
A Michigan client of ours (we won’t name names) is a mid-sized design agency that staffs a lot of remote workers. All of them use company-provided laptops, which connect to their servers via VPN. Fairly standard stuff. One of their remote workers (we’ll call him John) uses one of these laptops (we’ll call it John’s Laptop). We helped set up John’s Laptop to protect him using a few different tools:
That’s not a bad setup! He’s getting the email security that comes standard with Microsoft Outlook, and Harmony is an extra email scanner on top of that. Whenever John receives a suspicious email through his company address, he’s pretty well protected.
Unfortunately, the attack didn’t come through his work email. It came through his personal email.
John knows he shouldn’t be using his work device to check personal email, but we’ve all been there—it’s a very easy mistake to make. John checked his personal email just like he would any other day, and on this particular day he received a very believable phishing email asking him to verify some flight tickets that he never purchased. The email included a PDF that claimed to be a receipt—and if John had been in his work account, the scanner would have blocked the file as a threat—but he downloaded it and opened the file, believing it was a real PDF.
The attack was a ransomware package designed to lock up all the files on his device, and then request access to the company servers via VPN, to lock up all of the data there, too. Dangerous stuff, and it works fast.
You might say it was a real Final Destination moment for John’s Laptop.
Lucky for us, and John, the ransomware wasn’t faster than the Canary file on John’s local storage, designed for stopping a ransomware command before it can do damage.
Huntress EDR (endpoint detection and response) is a next-gen antivirus tool that we deploy on all of our Fully Managed clients’ devices, with some very hefty countermeasures to protect against modern threats. One of those countermeasures is called a Canary file. These are small, lightweight files placed on protected devices, and they can isolate and freeze a ransomware program as soon as suspicious activity is noticed on the device.
When John opened the ransomware file, it tripped the Canary that we had placed on his work device. An alert went out to his Newmind engineer and to Huntress’ Security Operations Center (SOC), and we were able to step in to investigate. Thankfully, this stopped the attack before any meaningful files were damaged (and if they had been, we could have restored them using backup).
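To make the canary idea concrete, here is a small added example (not Huntress’ or Newmind’s code): decoy files are planted, their hashes are recorded, and any later change or disappearance counts as a trip. The file names, contents and function names are constructed for illustration, and a real EDR would alert and isolate where this sketch only reports.

```python
import hashlib
import os
import tempfile


def _digest(path):
    """SHA-256 of a file's current contents."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def plant_canaries(directory, names):
    """Write decoy files and return a baseline mapping {path: sha256}."""
    baseline = {}
    for name in names:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(b"Quarterly figures (decoy)\n" + os.urandom(256))
        baseline[path] = _digest(path)
    return baseline


def check_canaries(baseline):
    """Return (path, reason) for every canary that no longer matches."""
    tripped = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            tripped.append((path, "missing"))   # deleted or renamed
        elif _digest(path) != digest:
            tripped.append((path, "modified"))  # contents rewritten in place
    return tripped


def demo():
    """Plant two constructed decoys, change them, and report what tripped."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_canaries(d, ["0_budget.xlsx", "0_contracts.docx"])
        clean = check_canaries(baseline)          # nothing touched yet
        paths = sorted(baseline)
        with open(paths[0], "wb") as fh:          # stand-in for a rewrite
            fh.write(b"\x00" * 64)
        os.rename(paths[1], paths[1] + ".locked")  # stand-in for a rename
        tripped = check_canaries(baseline)
        return clean, sorted(reason for _, reason in tripped)


if __name__ == "__main__":
    print(demo())
```

No legitimate user or program has a reason to touch a decoy, so a single trip is a high-confidence signal worth paging on.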
A bird in the hand is worth… at least one enterprise laptop infected with ransomware? Seriously though, as ransomware attacks become easier and more common, it has paid off time and time again for our clients to have multiple cybersecurity fail-safes in place.
In a changing landscape, there’s no such thing as a bulletproof computer. It takes a set of overlapping defenses to keep your team safe. If you’re not sure about the security of your organization, we’re happy to lend an ear. Get in touch.