Ransomware
Fast, Effective Response to Ransomware
Smart SOAR empowers your SOC team to act quicker to minimize damage from ransomware attacks. Automate parallel tasks to locate malicious files, quarantine hosts, block file hashes, and find signs of further compromise. Our platform is designed to put your SOC in control of your security posture and focus on what really matters. Minimize damage. Maximize recovery.
Ransomware Response Steps
Step 1:
When potential ransomware is detected in a tool or reported by a user, the analyst triggers D3’s NIST-based ransomware playbook.
Step 2:
D3 checks the reputation of the URL and IP address against threat intelligence sources and sends any files to a sandbox.
Step 3:
Simultaneously, a nested playbook runs to check network logs for traces of WannaCry and other known ransomware variants.
Step 4:
Also simultaneously, D3 gathers information from Active Directory on the affected user and determine data criticality.
Step 5:
Next, in the containment and recovery phase, D3 sends a notification to stakeholders, quarantines affected hosts, and blacklists URLs and file hashes.
Step 6:
Next, in the containment and recovery phase, D3 sends a notification to stakeholders, quarantines affected hosts, and blacklists URLs and file hashes.
Benefits of Ransomware Incident Response Automation
Act Quicker to Minimize Damage
Automate parallel tasks to locate malicious files, quarantine hosts, block file hashes, and find signs of further compromise.
Apply Best Practices to Workflows
D3’s ransomware playbooks are based on NIST and US government best practices, ensuring that your workflows are aligned with the best available guidance.
Prevent Compromise through Phishing
Ransomware often starts with phishing. D3’s phishing playbooks provide fast and effective response that minimize the risk of successful breaches.
Identify What (and Who) You’re Dealing With
Within the ransomware response playbook, D3 can run a nested playbook to identify if the malware you’ve detected is a known ransomware strain.
New to Smart SOAR?
Learn how Smart SOAR outperforms conventional SOAR tools in every aspect of threat detection, analysis, and incident response.