Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Flashpoint Launches Ransomware Response & Readiness Service

Threat intelligence and research company Flashpoint on Wednesday announced the launch of a new service designed to help organizations prepare and respond to ransomware and other types of cyber extortion incidents.

Threat intelligence and research company Flashpoint on Wednesday announced the launch of a new service designed to help organizations prepare and respond to ransomware and other types of cyber extortion incidents.

The new Threat Response & Readiness Subscription is available immediately, both as an extension to Flashpoint’s other business risk intelligence offerings and a standalone service that can be purchased separately. Pricing is customized based on the customer’s requirements for response and readiness engagements.

The readiness part of the service includes ransomware workshops, tabletop exercises (TTX), and pre-negotiated rates and engagement hours. The workshops are designed to educate the customer’s employees on ransomware, including how it works, how organizations can become infected, attacker profiles, and cryptocurrencies.

The TTX involves discussing simulated scenarios, assessing the effectiveness of current response plans, establishing roles and responsibilities, and improving coordination.

As for incident response, Flashpoint provides research on the threat actor launching the attack, engages with the attacker in an effort to determine appropriate mitigations, and even helps the victim acquire cryptocurrency in case they decide to pay the ransom.

“While law enforcement and the security community generally do not recommend that victims pay ransoms or extortion demands, in some cases it is the most reasonable decision, particularly for organizations concerned with the consequences of impermissible downtime and the inaccessibility of critical systems or data,” Tom Hofmann, VP of Threat intelligence at Flashpoint, told SecurityWeek.

“Determining whether or not to pay a ransom or extortion demand is a highly individual and situational decision. Deciding factors generally include available evidence, information, estimated impact, and perhaps most importantly, the estimated validity of the attacker’s claims—in other words, if a payment is made, will the attacker actually unlock or deliver the data?” Hofmann added.

As part of the response service, Flashpoint directly engages with the attacker on behalf of the customer to verify if the threat is real and if the hackers’ claims are credible, determine if the compromised data may be recovered by other means, identify mitigations, and, if necessary, pay the ransom.

Analyzing the threat also involves investigating the digital wallet accepting the ransom or extortion payment, which can provide insight into the validity of the attacker’s claims.

“In some cases, suspected attackers are actually just automated bots attempting to scam victims into paying and have no intention of encrypting or otherwise compromising the victim’s data. If analysis reveals that a unique wallet has not been configured for each unique infection, it is an indicator that the attacker may be less sophisticated, an automated bot could potentially be involved, and further analysis is likely required,” Hofmann explained.

Flashpoint strongly discourages any individual or organization from engaging directly with the threat actor on their own, due to “the inherent difficulties and security risks involved,” Hofmann said.

Related: Risk Intelligence Firm Flashpoint Raises $28 Million

Related: Flashpoint Launches Intelligence Academy

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.