When an organisation is targeted by ransomware or cyber extortion, it must quickly determine the extent of the attack, determine the response plan, and mitigate the impact. This subscription not only addresses emergency situations, but it also helps organisations prepare before a threat is imminent.
In a response situation, Flashpoint provides threat actor research, engages with the threat actor to determine appropriate mitigation, and may also provide access to cryptocurrency.
The subscription includes access to Flashpoint subject-matter experts (SMEs) who provide the necessary intelligence to support critical assessments, starting with the determination of whether an attack is a legitimate ransomware or extortion situation. These SMEs will also evaluate the credibility of an attacker’s claims, as well as investigate the digital wallet accepting the ransom payment.
Readiness for these events is delivered in the forms of a ransomware workshop and tabletop exercises (TTX), as well as pre-negotiated FPS rates and engagement hours. These workshops, exercises, and consultation help organisations develop contingencies and prepare in advance of an incident, including establishing a process to ensure cryptocurrency can be acquired and payments can be made securely and quickly in the event of an attack.
Subscriptions also include:
? Potential procurement of cryptocurrency on behalf of an organisation
? One half-day ransomware workshop, which is an interactive, hands-on workshop, educating teams about ransomware attacks, as well as additional information relevant to the particular organisation or vertical.
? One half-day TTX, which simulates real-world scenarios, enabling teams to prepare and mitigate risk for a potential event.
? Option to pre-purchase hours for additional services from FPS at a reduced rate.
“A cyberattack is a street fight. You are not dealing with a technology failure, although a manufactured technology failure might be one of the methods used against your enterprise. Rather, a motivated individual or group of individuals that have decided to target the organisation have left your business with a messy, chaotic and long-term event,” according to Gartner. "All too often, CSIRT and recovery exercises are conducted in a siloed fashion. However, a cyberattack requires that all impacted areas of the business be involved in the exercise to ensure the entire breadth of response and recovery are assessed.”1
“Law enforcement and the security research community don’t advocate the funding of a criminal economy by paying ransomware demands or giving in to extortionists who may have a company’s data in their possession,” said Thomas Hofmann, vice president of intelligence, Flashpoint. “While paying a ransom is often the last resort for any victim of ransomware, decision-makers need to be armed with all the necessary intelligence and options to support their resolution of an incident. Having Flashpoint as a trusted partner helps companies prepare in advance of an incident with training and education, and also facilitates more rapidly acquiring cryptocurrency in the event of an attack.”