Tracking Ransomware within SearchLight

Tracking Ransomware within SearchLight

“If it ain’t broke, don’t fix it”. As we predicted last year, ransomware has been one of the most successful business models for cybercriminals in the last year, who have made huge sums from extorting thousands of businesses. It’s of little surprise our most read Photon research, Q1 Ransomware Roundup is on this very topic. Given this “double extortion” ransomware shows no signs of going away, in this blog, I will get specific and show exactly how you can make intelligence on ransomware fully actionable in four ways:

  • Track Emerging Variants

  • Block Malicious Indicators

  • Analyze Popular Targets

  • Map Security Controls

  • This blog is largely geared towards existing SearchLight users, but if you want to follow along, you can register for Test Drive and get free access for 7 days

    Track Emerging Variants


    As the whack-a-mole game between law encroachment and ransomware operators continues, it’s tricky to keep up-to-date with the latest active variants. You can see all of the variants actively tracked by  SearchLight by going to Intelligence – Malware and then filtering by “Ransomware” malware type. Each of these will have an in-depth profile, information on targets, techniques, and associated intelligence and indicators–all the context you need to quickly understand what this variant means to you. 

    Filtering by ‘Ransomware’ type in the SearchLight Malware Profile List View

    SearchLight Malware Profile for Clop Ransomware

    Block Malicious Indicators


    First, on a very tactical level, we’ve made it p ..