Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Overview Level up your security team’s performance with four powerful solutions.
SOC Modernization Protect your organization against modern-day threats.
SIEM augmentation Eliminate security blindspots and expand automation.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Contact us Visit the contact us page
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Overview Level up your security team’s performance with four powerful solutions.
SOC Modernization Protect your organization against modern-day threats.
SIEM augmentation Eliminate security blindspots and expand automation.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Mandiant is now part of Google Cloud. Learn More Mandiant is now part of Google Cloud. .
Fastest Two Minutes in SecOps: Ransomware [Video]
Dan Kaplan
Content Marketing, Google Cloud SecOps
June 15, 2022

Scan the headlines, and not a day goes by when ransomware is not in the news. And it seems that for every business-focused piece addressing the threat that ransomware poses to an organization’s general security posture and bottom line, there is a more technical piece about a specific new variant that has taken on more advanced capabilities than the one before it.

Consider this:

A report in April from security company Sophos said that 66% of organizations surveyed were hit by a ransomware attack in 2021, up from 37% the prior year. The average ransom payment increased almost fivefold to more than $800,000, the report said.

Not only is ransomware not going away, it is getting more frequent — and sophisticated. Not surprisingly, the scourge is taking its toll on security operations teams, with many citing the constantly looming threat of ransomware as a primary driver for wanting to leave their cybersecurity jobs.

Studies have shown that a majority of businesses lack confidence in their ability to recover following a ransomware incident. As such, when ransomware strikes, the adage that every second counts is truer for this threat than arguably any other cyber risk, especially in the age of remote work and an expanded attack surface.

While history has clearly shown that ransomware is difficult to stop in its entirety, even on the most resilient networks, the impact can be controlled. Realizing that ransomware is not all that dissimilar from other malicious threats is a wise first step. As such, sound detection and disruption of the spreading process is more important than countering the specific threat itself.

  • Be wary of lateral movement tools, even legitimate ones, which could signal a ransomware spread is underway.

  • Avoid a “blame culture” that could deter employees from reporting ransomware infections.

  • Leverage tools like SIEM to detect early-warning indicators and SOAR to automate the response to limit disruption.

With the next ransomware threat likely just around the corner, here is a super digestible crash course in best practices from Vicente Diaz, threat intelligence strategist of VirusTotal. In the latest episode of "Fastest Two Minutes in SecOps," Diaz tells security operations professionals everything they need to know about how ransomware is evolving and key pointers to consider in a detection and response strategy.

To learn more about the ransomware threat, download The Definitive Guide to Ransomware Response.

Let’s work together

Ready for Google-speed threat detection and response?

Contact us Visit the contact us page