Searchlight Security, a dark web intelligence company, has launched Ransomware Search and Insights, a strategic enhancement to its Cerberus platform. Ransomware Search and Insights automatically collates data from active ransomware groups to help organizations and law enforcement agencies to investigate, track, and gather intelligence on live ransomware activity.
This curated view of ransomware groups means that patterns in tactics, incidents and victimology can be observed in real-time, helping analysts bolster their threat intelligence and gain the upper hand on ransomware groups.
“Although ransomware has been one of the most pressing threats for several years, it still remains persistent because security teams and law enforcement agencies have been on the back foot, playing catch-up with the ever-changing tactics and profiles of ransomware groups.” said Dr. Gareth Owenson, co-founder and CTO of Searchlight Security. “With visibility into the dark web presence of active ransomware threat actors, analysts can better understand how they are currently operating, therefore gaining a critical advantage over groups.”
Ransomware Search and Insights allows organizations to observe the victims of threat actors, posts on leak sites and track known group members, all in one place – reducing time and resources spent individually researching each threat group. With previously unseen insight into ransomware activity as it is happening, they can identify which ransomware groups are targeting organizations that match their profile (e.g. industry, geography, business size) and tailor their defenses with a better understanding of which group is most likely to attack them.
Cerberus’ Ransomware Search and Insights provide investigators with the most up-to-date intelligence for their fight back against cybercrime. Ransomware groups pose a significant risk to national security through the persistent threat to critical infrastructure. As ransomware groups use the dark web to conduct their campaigns with impunity, tracking the activity of prolific threat actors on marketplaces and forums can help law enforcement agencies efforts to disrupt and take down these groups.
“The Ransomware Search and Insights module was born from our work with national law enforcement agencies that require real-time insights to investigate and take down ransomware groups. We have listened to and collaborated with them to address these needs and bring the next evolution of threat hunting to life,” Owenson said. “Investigators can now work smarter, not harder, with live intelligence on ransomware operators collated and delivered to them.”
Dark web monitoring is emerging as one of the fastest-growing offerings among MSSPs, driven in no small part by increased customer demand to stay one step ahead of attackers and prevent disruptive ransomware incidents. Ransomware Search and Insights provides MSSPs with a tool that integrates into their existing offering, with the ability to deliver easy-to-digest overviews of ransomware activity to customers, or action intelligence internally to protect their client base from emerging threats.
For more information, download Searchlight’s free report: Dark Web Profiles: The Most Prolific Ransomware Groups of 2022. Or, to find out more visit slcyber.io