Ransomware Response Steps
Step 1: When potential ransomware is detected in a tool or reported by a user, the analyst triggers D3’s NIST-based ransomware playbook.
Step 2: D3 checks the reputation of the URL and IP address against threat intelligence sources and sends any files to a sandbox.
Step 3: Simultaneously, a nested playbook runs to check network logs for traces of WannaCry and other known ransomware variants.
Step 4: Also simultaneously, D3 gathers information from Active Directory on the affected user and determines data criticality.
Step 5: Next, in the containment and recovery phase, D3 sends a notification to stakeholders, quarantines affected hosts, and blacklists URLs and file hashes.
Benefits of Ransomware Prevention
✔ Act Quicker to Minimize Damage
Automate parallel tasks to locate malicious files, quarantine hosts, block file hashes, and find signs of further compromise.
✔ Apply Best Practices to Workflows
D3’s ransomware playbooks are based on NIST and US government best practices, ensuring that your workflows are aligned with the best available guidance.
✔ Prevent Compromise through Phishing
Ransomware often starts with phishing. D3’s phishing playbooks provide a fast and effective response that minimizes the risk of successful breaches.
✔ Identify What (and Who) You’re Dealing With
Within the ransomware response playbook, D3 can run a nested playbook to identify if the malware you’ve detected is a known ransomware strain.