LIFARS provides complimentary consulting on Ransomware attacks to determine if a move forward decision is desired with factors consisting of whether data exfiltration occurred, determining if additional systems have been compromised and/or requests to attempt data recovery.
For high profile ransomware cases LIFARS engages the U.S. Secret Service Electronics Crime Task Force which was formed to prevent, detect, mitigate and aggressively investigate attacks on the nations’ financial and critical infrastructure.
Some of the key benefits:
- Assess recovery options/recommendation based on sensitivity/importance of data that is locked and identification of specific ransomware.
- Recover private keys from recorded network conversations (provided client has a network recorder) and decrypt files without paying ransomware.
- Determine whether to kill the process on all systems if it is still running or let encryption finish if paying ransom is the only remaining option.
- Provide Advisory and/or additional assessment to determine IVoC and potential lateral spread.
- Preserve system before recovery and consider full disk images for future analysis.