Image

Ransomware Response Steps

Step 1:
When potential ransomware is detected in a tool or reported by a user, the analyst triggers D3’s NIST-based ransomware playbook.
Step 2:
D3 checks the reputation of the URL and IP address against threat intelligence sources and sends any files to a sandbox.
Step 3:
Simultaneously, a nested playbook runs to check network logs for traces of WannaCry and other known ransomware variants.
Step 4:
Also simultaneously, D3 gathers information from Active Directory on the affected user and determine data criticality.
Step 5:
Next, in the containment and recovery phase, D3 sends a notification to stakeholders, quarantines affected hosts, and blacklists URLs and file hashes.
Step 6:
Next, in the containment and recovery phase, D3 sends a notification to stakeholders, quarantines affected hosts, and blacklists URLs and file hashes.

Benefits of Ransomware Incident Response Automation

Checked Icon

Act Quicker to Minimize Damage

Automate parallel tasks to locate malicious files, quarantine hosts, block file hashes, and find signs of further compromise.
Checked Icon

Apply Best Practices to Workflows

D3’s ransomware playbooks are based on NIST and US government best practices, ensuring that your workflows are aligned with the best available guidance.
Checked Icon

Prevent Compromise through Phishing

Ransomware often starts with phishing. D3’s phishing playbooks provide fast and effective response that minimize the risk of successful breaches.
Checked Icon

Identify What (and Who) You’re Dealing With

Within the ransomware response playbook, D3 can run a nested playbook to identify if the malware you’ve detected is a known ransomware strain.

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.