Offered as part of Searchlight’s Cerberus Platform, the new module allows for the investigation, tracking and gathering of intelligence on live ransomware activity. Ransomware Search and Insights offers a curated view of ransomware groups, including tactics, incidents and victimology that can be observed in real time, helping analysts bolster their threat intelligence and gain the upper hand on ransomware groups.
The data from ransomware groups can be found on the dark web manually, but the process is time-consuming. Using Ransomware Search and Insights, the company says, organizations can observe the victims of threat actors and posts on leak sites, and track known group members, all in one place — significantly reducing time and resources spent individually researching each threat group.
The service offers additional data and information, including previously unseen insight into ransomware activity as it’s happening. Organizations can use the service to identify which ransomware groups are targeting organizations that match their profile across industry, geography and business size, and tailor their defenses with a better understanding of which group is most likely to attack them.
For law enforcement, Ransomware Search and Insights provides investigators with up-to-date intelligence for their fight against cybercrime. As ransomware groups use the dark web to conduct their campaigns with impunity, tracking the activity of prolific threat actors on marketplaces and forums can help law enforcement efforts to disrupt and take down these groups.
“The Ransomware Search and Insights module was born from our work with national law enforcement agencies who require real-time insights to investigate and take down ransomware groups,” explained Dr. Gareth Owenson, co-founder and chief technology officer of Searchlight Security. “We have listened to and collaborated with them to address these needs and bring the next evolution of threat hunting to life. Investigators can now work smarter, not harder, with live intelligence on ransomware operators collated and delivered to them.”