Ransomware Incident Response

If your infrastructure has been compromised and your files have been encrypted by ransomware, then our Ransomware Incident Response Team will be your first contact.

We know exactly what you are going through at this very moment, since we have been there hundreds of times before.

Ransomware Incident Response Team

Contact us so one of our representatives can guide you through the next steps and explain to you what options you have right now.

Most Ransomware Incidents cannot be recovered, not because of the hacker, but because of the IT Administrator and Management mistakes after the incident.

This is our strategy for Ransomware Incident Response

Our actions and strategy is summarized in the points below:

  1. Collection of a sample from the client infected site with encrypted files and we analyze the family (variant) of the ransomware.
  2. Preparation of the steps that need to be taken on the client premises before we start assessing the situation, so that we can maintain the current encrypted state.
  3. Research in publicly available solutions / decryptors for the specific variant, in order to see if it is decryptable without paying the ransom.
  4. Research in Private Recovery labs and Antivirus companies in order to determine if there is a solution to the ransomware variant with a specific fee that will have guaranteed results.
  5. Research for existing decryptors that other clients have paid to find out if the keys match and can decrypt the specific variant of Ransomware.
  6. When there are no solutions available, we determine the importance of encrypted files and we consult the client for places they can find the data or places to look for older data that may decrease the severity of the data loss.
  7. If the data cannot be found from other sources and the loss of this data is crucial, then we attempt negotiation with the hacker team.
  8. Based on previous incidents from our hacker ransomware incident database (if there are similar incidents) we determine the course of action for the negotiation and we evaluate the credibility of the hacker team. According to our experience we answer the question “Is the hacker credible based on previous statistics?”
  9. Hacker team is being verified for its ability to recover the files: Proof of concept
  10. Once the decryptor is delivered from the hacker team, we help the client recover the files using the decryption tool provided by the hacker team and preventing the mistakes that might occur during the process that might render the files irrecoverable.
  11. A full report of actions is provided if the client has a Cyber Security contract active.

Contact our Ransomware Incident Response Team to learn more about our services.