Ransomware Investigation

It’s one of the most prevalent cyber security threats in the world, making headlines daily: crippling ransomware attacks. Ransomware attacks are used by independent hacking cells, professional crime syndicates, ex-employees, and so-called hacktivists to extort money from individuals and organizations while crippling your ability to access your files, your client database, R&D research, your own intellectual property, your website, and even basic email. Cyber security firm Cytelligence is uniquely qualified to help both individuals and businesses deal with ransomware attacks across Canada, from Halifax, to Ottawa, to Toronto, to Winnipeg, to Calgary, and Vancouver – and all points in between.

Ed Dubrovsky“While the news media publishes that most ransomware attacks cost only a few hundred dollars, on a weekly basis Cytelligence negotiates on behalf of clients where ransomware demands for payments are between $20,000 and $150,000 in Bitcoin.
Ransomware is serious business. Don’t leave ransomware negotiations to amateurs or well- meaning techies. And ransomware is definitely not a D-I-Y project.”
Ed Dubrovsky, Managing Director, Cyber Breach Response

Essentially, ransomware takes your data hostage and hackers will extort a ransom for the release of your data. Why do cybercriminals want your data? Data is the new “gold.” Here are just some of the things that typically happen during a ransomware attack:

Mission-critical systems are disabled, principally operations and payment systems

Personal, identifiable information has been potentially exfiltrated (this is useful to cybercriminals for identity theft later)

End-of-life systems are unrecoverable

Your back-ups are encrypted as well

Intellectual property is captured and released to the Dark Web, to be sold to the highest bidder

These are some of the situations that Cytelligence’s ransomware removal team faces each week, supporting individuals, small business and enterprise-organizations in the safe resolution of their ransomware attacks.

Make no mistake: a ransomware attack affects your operational capacity, your financial position, your stock price if your company is publicly traded; your compliance with regulators and with privacy laws; as well as your overall reputation with customers, suppliers, and employees through the media and resulting negative publicity. The effects of a ransomware attack can be very long-lasting indeed.

Worst of all, there is no guarantee that even if the ransom is paid, that your data access will be fully restored. It may only be partially restored. Or, that the cybercrooks did not make copies of your data, for nefarious purposes later. Like the saying goes, “There is no honour among thieves.”

Our goal at Cytelligence is to help you recover from ransomware attack and return to day-to-day activities in the shortest amount of time, in a confident, precise, and cost-effective manner. We developed our Ransomware Support Practice to resolve current hostage attacks and then empower the organization with guided changes to help with future ransomware attacks prevention:

  • We have reduced the cost of ransomware attacks through expert negotiation.
  • We have helped with decryption of systems without any payment to the attacker.
  • We have detected and contained on-going attacks during ransomware negotiations.
  • We manage the entire ransomware attack, using our knowledge, expertise and influence.

You get our extensive experience in ransomware removal, compromise assessments, digital forensics, breach investigation and cyber security consulting to solve your ransomware incident in a professional manner that reduces the anxiety over a ransomware attack.

What is Ransomware?

Ransomware is a devastating attack on an organization’s or individual’s digital assets. Cyber criminals or threat actors release a kind of malware which enters a computer system or network through fraudulent means and locks down files from access by encrypting them until a demanded ransom is paid to hackers in return for a decryption key.

Damages from ransomware in 2019 are expected to rise to $11.5 billion and a new organization will fall victim to ransomware every 14 seconds, and every 11 seconds by 2021.

What are the most popular types of Ransomware?

While there are some very prevalent ransomware variants, with the increase of services offering ransomware as a service (RaaS) and allowing for customization the overall number of possible variations has seen a steep increase. Some of the most “popular” variants at the time of writing this include:

  • Dharma/Crysis and now Phobos a variant of Dharma
  • RYUK
  • LockerGoga
  • Sodinokibi
  • MAZE

The above variants are seeing to collaborate with other malware families such as:

  • Emotet
  • Trickbot
  • Dridex

Learn more about ransomware variants 

Find out why you can trust the Ransomware experts at Cytelligence