“If it ain’t broke, don’t fix it”. As we predicted last year, ransomware has been one of the most successful business models of the last year for cybercriminals, who have made huge sums from extorting thousands of businesses. It’s little surprise that our most-read Photon research, the Q1 Ransomware Roundup, is on this very topic. Given that “double extortion” ransomware shows no signs of going away, in this blog I will get specific and show exactly how you can make intelligence on ransomware fully actionable in four ways:
This blog is largely geared towards existing SearchLight users, but if you want to follow along, you can register for Test Drive and get free access for 7 days.
Track Emerging Variants
As the whack-a-mole game between law enforcement and ransomware operators continues, it’s tricky to keep up to date with the latest active variants. You can see all of the variants actively tracked by SearchLight by going to Intelligence – Malware and then filtering by the “Ransomware” malware type. Each of these will have an in-depth profile, information on targets, techniques, and associated intelligence and indicators: all the context you need to quickly understand what this variant means to you.
[Figure: Filtering by ‘Ransomware’ type in the SearchLight Malware Profile List View]
[Figure: SearchLight Malware Profile for Clop Ransomware]
Block Malicious Indicators
First, on a very tactical level, we’ve made it p ..