How a Rapid Response Helped Thwart an Active Ransomware Attack

Early this year, when an executive at a hospital called our Incident Response (IR) team, he had yet to realize that his organization was confronting an active ransomware attack. Symantec Endpoint Protection (SEP) and his internal team had flagged as suspicious some data that was marked with a four-letter file name, he explained, and multiple attempts to scrub it had failed.

He told me the file name and my heart sank. Less than a week earlier, I’d seen a half-dozen companies in different industries fall victim to ransomware files consisting of the same four letters. In this instance, however—and in large part because the executive reached out to our incident response team right away—we succeeded in thwarting the attack while it was underway.
