How the Huntress SOC Stopped a VPN-Based Ransomware Attack
ID: 1420de34-26ce-5a7b-98a5-8becbcf0db15
STIX ID: report--1420de34-26ce-5a7b-98a5-8becbcf0db15
Feed Name: Huntress Blog
A small US construction manufacturer suffered a compromise of a VPN that lacked MFA. The attacker authenticated through the VPN, used RDP for reconnaissance, stole credentials, moved laterally, and attempted to disable Defender and the EDR agent. SOC detection and rapid human-led triage isolated the network, removed the attacker, and remediated the vulnerability, preventing a likely ransomware impact and highlighting the importance of MFA, monitoring, and practiced response.
