Whether you are experiencing an active compromise by a threat actor or you are putting the pieces together after the fact: our skilled investigators and analysts can assist with investigation and recovery. Our cyber response team (CRT) is highly experienced in responding to advanced persistence threats, data extortion, business email compromise, ransomware, insider threats, and more.

Our team brings an end to end solution. After the incident is contained, we assist organizations with regulatory inquiries, law enforcement requests, and helping organizations prepare for potential litigation. We have numerous experts that regularly testify in court.

Learn more about our Insider Threat Prevention Services.

CRA has significant experience conducting data breach investigations across all industries, and we often find the lack of cyber hygiene and defense grows into a state of compromise, incompliance, and/or adverse business impact. Our strategic cyber team collaborates with organizations to comprehensively assess and improve their cybersecurity posture and defenses through the following proactive services:

• Insider threat assessment and program development
• Cybersecurity framework assessment and program development
• Data privacy/compliance assessment
• Incident Response (IR) readiness
• Cloud cybersecurity assessment

The proactive services above leverage industry leading cybersecurity standards, guidelines, and frameworks including, but not limited to NIST, ISO, FedRAMP, SANS, and CMU CERT — as well as global, national, and regional regulations including, but not limited to GDPR, HIPPA, and the California Privacy Act of 2018 — to provide a holistic approach to cybersecurity strategy.

Our team has worked on over 1,000 ransomware cases ranging from Big Game eCrime syndicates such as Maze, Conti, Netwalker, Sodinokibi, Bit/Doppel Paymer to numerous Ransomware as a Service actors such as Dharma, RobbinHood, Cortex family. As eCrime syndicates continue to infiltrate organizations, they have changed the game as they are weaponizing data taken and posting to their blogs. Our seasoned team has developed numerous tactics, techniques, and procedures (TTPs) to combat the threats that your organization could be experiencing from these eCrime crime syndicates.

Our comprehensive solution consists of:

1. Identifying the threat actor involved;
2. Negotiating for decryption keys/data;
3. Deploying decryption keys to the network to unencrypt data and get the organization back in business;
4. Performing containment and eradication of the malware left behind by deploying or leverage end point detection response tools such as Carbon Black Defense;
5. Executing a forensic investigation of how the threat actor was able to infiltrate the organization and what information was taken, if any;
6. Creating a lessons learned and roadmap going forward (90, 180, 270 day plan) for the organization; and
7. Responding to regulatory, class action, client, and other requests.

Our experience speaks volumes for our clients as our job one is getting you back in business due to this unfortunate event.

Typically, we find that determined attackers will try to re-enter an environment. Smart organizations will remain vigilant throughout the post-incident phase as operations are returning to normal. Not all incidents end after the adversary is eradicated from the environment, and many large incidents can have follow up needs lasting well beyond the incident’s lifespan. CRA is able to assist you in a number of ways outside of performing traditional incident response services. CRA can provide expertise to assist you with:

• Performing secondary investigations not performed during the initial response, such as determining whether an actor had access to Sarbanes-Oxley complaint systems
• Assessing response taken by another provider or an internal team, and providing insightful recommendations on how to improve and prepare for the next incident
• Assisting in the review of remediation efforts undertaken by an organization, helping to verify the taken actions meet the prescriptive goal
• Assisting legal counsel with expert testimony when needed

One of the best ways to prepare for your organization for an incident is to pit your security defenses against a human adversary in a penetration test. By utilizing our comprehensive penetration testing methodology, built on the SANS Institute’s methodology and the MITRE ATT&CK framework: CRA’s penetration tests work to effectively emulate the actions and techniques used by advanced threat actors, thus allowing us to flush out weakness and flaws in an organization’s environments that can often be missed by automated scanning tools.

A compromise assessment takes a holistic look at your environment, augmenting and verifying your security team’s capabilities. Our team provides insights from both a network- and endpoint perspective, hunting for known and unknown threats.

Our team will collect and analyze data from external threat intelligence sources, your endpoints and network traffic. We'll assess these data using the same analysis techniques, tools and technologies that we use during our incident response engagements.

Our report will detail our observations regarding malicious and suspicious activities in your environment, as well as your overall state of cybersecurity hygiene. During the assessment we will work side by side with your security- and operations teams. We’ll alert you immediately should we detect signs of active compromise, in which case our experts will be ready to assist you in dealing with it.

Learn more about our Compromise Assessment Services.