D3 XGEN SOAR for Ransomware Attacks

 

Ransomware Response Steps 

Step 1:   When potential ransomware is detected in a tool or reported by a user, the analyst triggers D3’s NIST-based ransomware playbook.

Step 2:   D3 checks the reputation of the URL and IP address against threat intelligence sources and sends any files to a sandbox.

Step 3:   Simultaneously, a nested playbook runs to check network logs for traces of WannaCry and other known ransomware variants.

Step 4:   Also simultaneously, D3 gathers information from Active Directory on the affected user and determines data criticality.

Step 5:   Next, in the containment and recovery phase, D3 sends a notification to stakeholders, quarantines affected hosts, and blacklists URLs and file hashes.

 

Benefits of Ransomware Prevention 

 

✔  Act Quicker to Minimize Damage

Automate parallel tasks to locate malicious files, quarantine hosts, block file hashes, and find signs of further compromise.

✔  Apply Best Practices to Workflows

D3’s ransomware playbooks are based on NIST and US government best practices, ensuring that your workflows are aligned with the best available guidance.

✔  Prevent Compromise through Phishing

Ransomware often starts with phishing. D3’s phishing playbooks provide a fast and effective response that minimizes the risk of successful breaches.

✔  Identify What (and Who) You’re Dealing With

Within the ransomware response playbook, D3 can run a nested playbook to identify if the malware you’ve detected is a known ransomware strain.

 
