Imagine being in a large, dark house – there are cameras, but you can’t see in all the corners.

This is how Mr Eric Nagel, general manager for APAC at cybersecurity firm Cybereason, characterises the way the company hunted down a ransomware attack in a high-end Asian manufacturing company.

In a ransomware attack, hackers – or threat actors – use malicious software to encrypt files on a device, then demand ransom, typically in cryptocurrency, to undo their work.

The first signs of suspicion in this attack came from some abnormal communication between machines. Aware that something was wrong, but not knowing why, the company reached out for help.

Working like snipers, Cybereason threat hunters searched for the ransomware, while sales engineers and technical consultants mapped the enterprise’s ecology, pinning down the servers, workstations, laptops and operating systems.

Then they deployed the latest cybersecurity solution – an endpoint detection and response tool, also known as EDR.

The EDR tools works “a little bit like putting on all the lights and shining a spotlight everywhere in your house. So if something’s hidden in the corner, you’ll find it,” said Mr Nagel.