Ransomware

Fast, Effective Response to Ransomware

Ransomware Response Steps

When potential ransomware is detected in a tool or reported by a user, the analyst triggers D3’s NIST-based ransomware playbook.

D3 checks the reputation of the URL and IP address against threat intelligence sources and sends any files to a sandbox.

Simultaneously, a nested playbook runs to check network logs for traces of WannaCry and other known ransomware variants.

Also simultaneously, D3 gathers information from Active Directory on the affected user and determines data criticality.

Next, in the containment and recovery phase, D3 sends a notification to stakeholders, quarantines affected hosts, and blacklists URLs and file hashes.
