Ransomware Investigate and Contain
This playbook investigates and contains ransomware detected on endpoints.
How to Implement
Several searches can be used to detect the presence of ransomware in the environment. This playbook is designed to investigate a file using a sandbox and, if the file is determined to be ransomware, immediately take action to block network communications and quarantine devices.
How To Respond
When potential ransomware is detected, this playbook can be used to investigate further, or the playbook can be changed to automatically quarantine a device and block network communications. Note also that this playbook will hunt for additional infected hosts using any observed file hashes.
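The flow described above (sandbox verdict, then containment and a hash hunt), sketched as an added example that is not the playbook's own code or Phantom's API. The record shapes, host names, placeholder hashes and the "investigate only" handling of a non-ransomware verdict are assumptions.

```python
# Added illustration: hypothetical data model, not Phantom's playbook API.
from dataclasses import dataclass, field

@dataclass
class SandboxReport:          # constructed shape of a detonation result
    verdict: str              # "ransomware", "benign" or "unknown"
    file_hashes: set          # hashes of the sample and files it dropped
    contacted_ips: set        # network destinations seen during detonation

@dataclass
class ResponsePlan:
    quarantine_hosts: list = field(default_factory=list)
    block_ips: list = field(default_factory=list)
    notes: list = field(default_factory=list)

def hunt_hosts(file_events, hashes):
    """Return hosts where any observed hash appears in endpoint file events."""
    wanted = {h.lower() for h in hashes}
    return sorted({e["host"] for e in file_events if e["sha256"].lower() in wanted})

def build_plan(source_host, report, file_events):
    plan = ResponsePlan()
    if report.verdict != "ransomware":
        # No containment without a ransomware verdict; leave it to the analyst.
        plan.notes.append(f"verdict={report.verdict}: investigate only")
        return plan
    hits = hunt_hosts(file_events, report.file_hashes)
    # The reporting host is contained even if its file events are missing.
    plan.quarantine_hosts = sorted(set(hits) | {source_host})
    plan.block_ips = sorted(report.contacted_ips)
    plan.notes.append(f"{len(hits)} host(s) matched observed hashes")
    return plan

# Constructed sample data (placeholder hashes, documentation-range IP).
FILE_EVENTS = [
    {"host": "ws-014", "sha256": "AA" * 32},
    {"host": "ws-022", "sha256": "aa" * 32},
    {"host": "ws-031", "sha256": "bb" * 32},
]
REPORT = SandboxReport("ransomware", {"aa" * 32, "cc" * 32}, {"203.0.113.7"})

if __name__ == "__main__":
    print(build_plan("ws-014", REPORT, FILE_EVENTS))
```

Hash comparison is case-insensitive because endpoint tools and sandboxes often report the same digest in different letter case.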
Ransomware Investigate and Contain Help
Simply deploy Phantom and work with your technical team to deploy this playbook.