
Fusion Computing

The Caller Was Calm. The Malware Wasn’t. Inside Fusion Computing’s Response to a Silent Identity-Based Attack

Products Used

Managed ITDR

Managed EDR

It all started with a seemingly harmless call. A new employee picked up, unaware that a ransomware attack was quietly being set in motion. What followed was a carefully orchestrated attack carried out with masterful precision. At the heart of this story lies a critical partnership that became the decisive barrier between restoring normal operations and total chaos.



The setup | Never trust an unknown caller

Like any good horror story, this one starts with a phone call.

It was only day two on the job for a new hire at a fast-paced marketing agency. Amid the flurry of onboarding tasks, she figured there’d be plenty of unfamiliar faces and names reaching out. So, hoping to make a good first impression, she answered the phone.

The person on the other end sounded polite, professional, and reassuring. The caller explained the new employee would soon receive a Microsoft login prompt to set up her account in the company’s system.

Sure enough, the email popped up moments later. At first glance, everything seemed normal, like another mundane step in settling into a new role. She followed the instructions and entered her login details without a second thought.

Of course, as horror stories go, one small misstep can lead to things far more sinister.


The incident | Mere minutes until ransomware detonates

The employee had no idea that hitting "Sign in" wouldn’t just sign her into her account—it was signing the whole agency up for trouble. But who could blame her? She was only doing what anyone else would in her shoes.

The attacker took full advantage of her being new and eager to impress. It was social engineering at its finest. Without realizing it, she cracked open a virtual door just wide enough for chaos to sneak in.

“The attacker dropped code that copy-pasted some PowerShell into the Run dialog and eventually downloaded command-and-control software, which in turn downloaded a living-off-the-land (LOTL) program,” explains Mike Pearlstein, CEO of Fusion Computing. “And about 30 minutes later, it tried to download ransomware.”

The countdown to disaster had begun. 

But no one heard the clock ticking.




The secret weapon | Fusion, backed by Huntress

Unbeknownst to both the new employee and the attacker, the marketing agency had a powerful ally in Fusion Computing, a leading Toronto-based managed security services provider (MSSP). 

And better yet, Fusion was backed by Huntress.

“Microsoft Defender for Endpoint saw the attack, but it didn't throw an alert,” explains Pearlstein. “So, without Huntress in place, the agency probably would’ve had one or more machines taken offline, and they’d have incurred some serious losses.”

Before going deeper into how the breach was stopped, let’s rewind and see how Fusion came to rely on Huntress in the first place.




Flashback | Why Fusion chose Huntress 

Starting in 2022, Fusion began searching for a partner that could meet their compliance goals and grow with them as their needs evolved. They were also on a mission to meet Center for Internet Security (CIS) Control Version 7 standards—a tall order that demanded full visibility, human-led support, and a readily accessible, 24/7 security operations center (SOC).

After carefully evaluating solutions to complement Microsoft Defender, their decision came down to one well-known cybersecurity vendor…and Huntress.

The competing vendor, however, proved overly complicated and unfocused, trying to do too much without nailing the basics. Huntress soon emerged as the clear winner. 

Offering comparable functionality at a lower cost per agent, the Huntress platform provided seamless visibility across Fusion’s entire infrastructure. 

“Huntress plays an important role in our stack,” says Osama Munir, Fusion’s Cybersecurity Operations Lead. “We use it continuously to monitor endpoints for indicators of compromise. With most of our clients on Microsoft Business Premium licensing and utilizing Microsoft Defender for Endpoint, the Huntress platform integrates well with Defender and highlights detections with relevant information on an easily identifiable page.” 

The Huntress platform gave them clear visibility, intuitive remediation, and expert-backed threat response. Put simply, it gave Fusion the power to move fast when their clients needed it most.

Flashback | The power of community

For Fusion, Huntress’ “human element” helped seal the deal. Fusion was impressed by Huntress’ strong presence in the cybersecurity community. From the CEO’s unfiltered insights to the in-depth analysis provided by their threat analysts, Huntress gave Fusion something they’ve rarely seen from a partner—transparency and authenticity. 

“Thought leadership is key,” says Pearlstein. “When I can see more of who people are, I feel better about the engagement, which is why we're with Huntress. I've got a real relationship with a partner, and I know it’s for the long term.”

“How Huntress engages with the community is extremely important to us, and no other organization does it better,” adds Munir.  


Proof from the past | What legacy tools missed, Huntress found

Fusion once had a client reluctantly holding onto Bitdefender’s antivirus (AV) and endpoint detection and response (EDR) tools. The client was dealing with sluggish system performance, and despite clean scan results, something was off.

Given their trust and confidence in Huntress, Fusion recommended the client trial Huntress Managed EDR and Managed Identity Threat Detection and Response (ITDR) on a handful of their devices. Almost instantly, Huntress began uncovering incidents, artifacts, and remnants from past malware infections that Bitdefender had completely overlooked.

“What Huntress found when it was installed was artifacts of a BlackCat infection,” says Pearlstein. “There were significant artifacts and even executables of living-off-the-land tools associated with that threat group.”

The evidence was irrefutable. And the client quickly rolled out Huntress across their entire organization.


Back to the breach | The identity attack that went nowhere

Let’s go back to that marketing agency. Everyone went about their day with no idea there was a silent, ticking time bomb. Ransomware was set to detonate, growing more dangerous with each passing second.

Then, the clock just stopped. 

Huntress’ Managed ITDR detected the hacker’s activity within minutes. Before ransomware could shut down operations, the Huntress SOC acted decisively, isolating the compromised device and stopping the attack in its tracks.

“They got lucky,” admits Pearlstein. “Without Huntress in place, we’d probably be on the phone with their cyber insurance provider right now, and we’d definitely be dealing with significant downtime and financial losses.”

But Huntress didn’t just identify the threat—the SOC delivered a comprehensive debrief outlining exactly what had happened. They also provided clear, actionable steps for remediation.

“It was clear from the notifications exactly what had happened and what needed to be done,” says Munir. “Because some of our clients aren’t the most technical, they just care about being operational right away, and the simplicity of Huntress helps us achieve that.”

Munir explains that he and Pearlstein were both attending a conference when they got the alert for this incident. But they weren’t concerned. He adds, “The fact that we had those assisted remediation steps meant our internal team could easily go in and conduct those fixes and investigations without us having to be present.”

Munir emphasizes that deploying and monitoring ransomware canaries and external recon of ports adds powerful insight into his clients’ organizations. “With ITDR now, this has become an essential part in reviewing and remediating risky sign-ins for our clients,” he says.





After the incident | A grateful CEO sighs in relief 

Pearlstein recalls telling the agency’s CEO, “I can't believe how lucky you are today. If Huntress hadn't been there, you probably wouldn't be operating now. And you’d be on the phone with your clients trying to salvage things.”

The CEO was at a loss for words, simply responding, “Oh my God! Thank you so much!”

Always empathetic, Pearlstein asks, “It was only that poor employee’s second day of work; what were they supposed to do?” He adds that he deployed security training for the new employee to help enhance their security posture moving forward. 

“We tell our clients that Huntress is the reason that threat actors aren’t connected to your computers,” says Munir. “With Huntress in place, we’ve been able to mitigate threats quickly and ensure our clients don’t experience much downtime and can go forward with their jobs.”


How Fusion benefits from Huntress | A partnership built to scale

Fusion partnered with Huntress for its ability to scale with compliance needs while driving thought leadership and innovation. For Fusion, Huntress isn’t just a tool. They’re a trusted partner who provides:

  • Ease of use: The Huntress dashboard delivers clarity, providing agent health and detailed incident reviews all in one place.

  • Cost efficiency: Because Huntress is fully managed by an expert SOC and gives them easy-to-follow remediations, anyone at Fusion can take action. It doesn’t tie up in-house specialists' time, making it cost-effective for operations.

  • 24/7 expertise: With the Huntress SOC’s follow-the-sun coverage, Fusion has unmatched visibility and real-time support at any time of day. 

  • Fast mean-time-to-resolution (MTTR): From receiving an alert to sending an incident report, Huntress has an eight-minute MTTR.   

  • Community engagement: Fusion is a proud part of the Huntress community. Pearlstein highlights, “Getting someone like John Hammond on the phone to talk things through has been very powerful not just for me but for business leaders who might not understand cybersecurity that well.”


Fusion x Huntress | People-powered protection meets purpose-built tech

Huntress technology is purpose-built to work hand-in-hand with their human-led SOC, making detection and response fast and agile. That means no delays in waiting for third-party vendors to respond. This setup lets Fusion succeed without needing to shake up their operations or hire more staff. Plus, with straightforward remediation, the platform gives everyone—from help desk newbies to seasoned tech pros—everything they need to act with confidence.

“For me, it’s really about the people behind Huntress,” adds Munir. “They're very knowledgeable and great to talk to. Whether it’s something basic or something intense, I've never had to wait long to chat with anyone. The experts have always been fantastic. They’re detailed, and I get exactly what I need to know, including next steps.”

“Huntress just works,” Pearlstein concludes. “How can you not have defense backed by an expert-led SOC and incident response 24/7 in your back pocket? Not having that for a dollar or two per agent leaves significant functionality on the table in a way that could save your bacon when you need it most.”






Fusion Computing

Contact: Osama Munir, Cybersecurity Operations Lead

Location: Toronto, Canada

About: This solid, professional, and forward-thinking managed services firm has been offering managed IT services and support to the greater Toronto and Hamilton areas since 2008. A full-service IT provider, Fusion Computing specializes in virtual CIO and fully managed IT, 24/7 support, and cloud services, as well as hosted email and cybersecurity management. Learn more at fusioncomputing.ca.
