Group-IB Incident Response

Ransomware response
and prevention

Ransomware has become the most widespread threat in information security.
It can affect businesses of any size in any sector.

The Number One Threat

$4.4 million

was paid in one of the biggest ransomware attacks ever recorded


more ransomware attacks took place compared to last year

$1 billion

is the total potential damage from ransomware attacks

Paying the ransom
is not the solution

In 97% of ransomware attacks, it is impossible to regain access to data without decryption software. We do not recommend rushing to pay ransoms demanded by hackers.

After you have paid the ransom, the same hackers may attack you again

There is zero guarantee that you will be given the decryption software required

It is impossible to know what other resources the hackers have gained access to

Paying the ransom merely encourages the fraudsters to commit further crimes

If you have been attacked, it is crucial to conduct professional incident response operations

In 73% of cases, ransomware attacks involve stealing confidential data and establishing persistence in compromised infrastructure. That is why it is essential to conduct thorough incident response operations.

Cybercriminals may remain in the corporate network

Failing to analyze an incident gives attackers the opportunity to remain in compromised networks and disrupt the company’s business processes.

We install the required network protection tools

As part of responding to incidents, our experts use tools and products developed by Group-IB itself. Our solutions help uncover potential malicious activity and identify further attempts to compromise the targeted company.

Detailed recommendations and eliminating errors

We provide a list of recommendations on how to optimize the IT infrastructure and what measures to take in order to prevent compromise in the future.

Initial analysis of an incident

If you have fallen victim to a ransomware attack, share the following data so that it can be analyzed by Group-IB specialists: ransom note file and an example of an encrypted file

Do not wait for an attack to happen

As soon as cybercriminals penetrate your network, they could achieve their goals within weeks or even hours. Many organizations fail to detect malicious activity promptly, however, because the methods, tools and tactics used by hackers are always improving.

Compromise Assessment

Identify traces of compromise and signs that a hacker attack is being prepared.

Pre-IR Assessment

Prepare your team to effectively respond to information security incidents.

Incident Response Retainer

Take advantage of our pre-negotiated proactive and reactive services to ensure a timely response to incidents.

Atmosphere: Cloud Email Protection

Block, detonate and hunt for the most advanced email threats with patented email security technology.

Information Security Audit

Search for and assess vulnerabilities in both the external and internal infrastructure.

Why choose Group-IB

We respond to complicated threats worldwide

  • We are familiar with the tools, tactics, techniques, and procedures used by the most dangerous hacker groups and APTs (RedCurl, Cobalt, Lazarus, MoneyTaker), ransomware operators (Maze, Egregor, Revil), and other cybercriminals.
  • With 18 years of hands-on experience in incident response, Group-IB experts promptly detect attacks being prepared and malware samples.

Patented technologies for protecting against targeted attacks

  • Our malware detonation platform boasts fine-tuned and realistic workstations, clear and comprehensive reports, and analysis methods that are not found in any sandbox.
  • We have developed a high-performance AI-driven classifier that protects corporate and technological networks.

We accurately detect threats across all distribution channels

  • We offer a single solution that covers all the channels that cybercriminals can use to penetrate infrastructure and move across the network.
  • A low rate of false positives means that business processes are not disrupted and specialists do not waste their time.

Ransomware threat research

Standing up to cybercriminals requires understanding their most recent tactics, techniques, and procedures (TTPs) as well as taking the appropriate means to protect against them.

Ransomware 2021-2022

The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®

Спасибо за интерес к нашему исследованию
Пожалуйста, примите во внимание, что мы оставляем за собой право отказать в предоставлении данных при некорректном заполнении формы. Мы отправляем материал только при указании корпоративного e-mail адреса.

Recent research

Lock like a Pro: How Qakbot fuels enterprise ransomware campaigns

Group-IB has already warned of the threat posed by ProLock ransomware. Its time to uncover the unknown details behind the attacks.

Egregor ransomware: The legacy of Maze lives on

The code of the new ransomware Egregor shares many similarities with Maze and Sekhmet, and the tools used by the operators resemble ProLock.

Ransomware Uncovered: Attackers Latest Methods

Exhaustive analytical review of the tactics, techniques, and procedures (TTPs) used by malware operators in 2019

The evolution of ransomware and its distribution methods

In 2018, ransomware attacks were still on the rise. Some became more sophisticated and adopted tactics and techniques from APT threat actors.

Скачать отчет

Эволюция вирусов-шифровальщиков и способов их распространения

Скачать отчет

Программы-вымогатели: новейшие методы атак

Скачать отчет

ProLock: как Qakbot помогает вымогателям зарабатывать миллионы

Скачать отчет

Шифровальщик Egregor.
Темное наследие Maze

International recognition and awards

Our consulting and incident response services have been recognized by international rating agencies

Winner in the Incident Response category for Group-IB Incident Response Retainer

Winner in the Ransomware Protection category for Group-IB Incident Response Retainer

Group-IB’s team of experts

Group-IB’s incident response specialists are able to quickly stop and investigate hacker attacks, understand how cybercriminals penetrate a company’s network, and prevent them from stealing money and valuable data.

Certificates held by Group-IB specialists:


Oleg Skulkin

Head of Digital Forensics and Malware Analysis Laboratory

Roman Rezvukhin

Acting Deputy Head of Malware Analysis

Anatoly Tykushin

Lead Digital Forensics Specialist

Get new report
Ransomware Uncovered 2021/2022

The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®


We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.