[](https://www.paloaltonetworks.com/unit42?ts=markdown) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![unit42 logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/unit42-logo-dark.svg)](https://www.paloaltonetworks.com/unit42?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/unit42?ts=markdown) * [About Unit 42](https://www.paloaltonetworks.com/unit42/about?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Assess and Test Your Security Controls](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/business-email-compromise?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Respond in Record Time](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Unit 42 Threat Research ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Unit 42 Threat Research [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Threat Briefs and Assessments Details on the latest cyber threats](https://unit42.paloaltonetworks.com/category/threat-research/) * [Tools Lists of public tools released by our team](https://unit42.paloaltonetworks.com/tools/) * [Threat Reports Downloadable, in-depth research reports](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Funit42-managed-detection-and-response&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fresearch&ts=markdown) [THREAT REPORT 2025 Unit 42 Global Incident Response Report Read now](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown) [THREAT BRIEF Russia-Ukraine Cyberattacks: How to Protect Against Related Cyberthreats Including DDoS, HermeticWiper, Gamaredon, Website Defacement Learn more](https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/) [THREAT REPORT Highlights from the Unit 42 Cloud Threat Report, Volume 6 Learn more](https://www.paloaltonetworks.com/resources/research/unit-42-cloud-threat-report-volume-6?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners Partners * [Threat Intelligence Sharing](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) * [Law Firms and Insurance Providers](https://www.paloaltonetworks.com/unit42/incident-response-partners?ts=markdown) [THREAT REPORT 2025 Unit 42 Incident Response Report Read now](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown) [THREAT BRIEF Russia-Ukraine Cyberattacks: How to Protect Against Related Cyberthreats Including DDoS, HermeticWiper, Gamaredon, Website Defacement Learn more](https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/) [THREAT BRIEF Operation Falcon II: Unit 42 Helps Interpol Identify Nigerian Business Email Compromise Ring Members Learn more](https://unit42.paloaltonetworks.com/operation-falcon-ii-silverterrier-nigerian-bec/) * Resources ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Resources Resources * [Research Reports](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Funit42-managed-detection-and-response&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fresearch&ts=markdown) * [Webinars](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Funit42-managed-detection-and-response&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fwebinar&ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/unit42/customer-stories?ts=markdown) * [Datasheets](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Funit42-managed-detection-and-response&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fdatasheet&ts=markdown) * [Videos](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Funit42-managed-detection-and-response&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fvideo&ts=markdown) * [Infographics](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Funit42-managed-detection-and-response&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Finfographic&ts=markdown) * [Whitepapers](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Funit42-managed-detection-and-response&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fwhitepaper&ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Funit42-managed-detection-and-response&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Farticle&ts=markdown) Industries * [Financial Services](https://www.paloaltonetworks.com/industry/unit42-financial-services?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/unit42-healthcare?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/unit42-manufacturing?ts=markdown) [THREAT REPORT 2025 Unit 42 Global Incident Response Report Read now](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown) [ANALYST REPORT Unit 42^®^ named a Leader in the 2025 IDC MarketScape for Worldwide IR Services. See our difference](http://start.paloaltonetworks.com/idc-incident-response-marketscape-2025) * * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![palo alto networks logo icon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-default.svg) ![white arrow icon pointing left to return to main Palo Alto Networks site](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-white.svg) [](https://www.paloaltonetworks.com/unit42?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search#q=unit%2042&sort=relevancy&layout=card&numberOfResults=25) Close search modal *** ** * ** *** CYBER RISK MANAGEMENT SERVICES # Ransomware Readiness Assessment ## Defending against ransomware attacks starts with having a plan. The Unit 42 Ransomware Readiness Assessment focuses on preparing you to better prevent, detect, respond to and recover from ransomware. * [Download datasheet](https://www.paloaltonetworks.com/resources/datasheets/ransomware-readiness-assessment?ts=markdown) **unit42\*\*\*\*unit42** ## A universe of protection. #### Shift from reactive to proactive with a Unit 42^®^ Retainer. * [Get Started](https://www.paloaltonetworks.com/resources/infographics/seven-ways-to-use-your-unit42-retainer?ts=markdown) **unit42\*\*\*\*unit42** PrevNext ![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-white.svg) BenefitsService FeaturesMethodologyWhy Unit 42 * [Benefits](#benefits) * [Service Features](#service-features) * [Methodology](#methodology) * [Why Unit 42](#why) {#benefits} BENEFITS ## Ransomware evolves constantly. So should you. ### Ransomware groups are turning up the pressure on their victims -- demanding higher ransoms and making sure organizations pay. According to the 2022 Unit 42 Ransomware Threat Report, our incident response casework shows ransom demands averaged US$2.2 million. Unit 42^®^ can help you avoid the price of being unprepared based on lessons we've learned negotiating ransoms on the frontlines. [Watch the overview](https://www.paloaltonetworks.com/resources/videos/unit-42-overview) ![Card Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/benefits-icons/8-validate-your-security-controls-lt-2.svg) ![Card Mobile Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/benefits-icons/8-validate-your-security-controls-lt-2.svg) ### Validate your response strategy Evaluate how your incident response capabilities perform when triaging ransomware breach scenarios from real cases we've investigated. Unit 42 will identify your organizational strengths as well as areas of improvement. ![Card Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/benefits-icons/Icon-19.svg) ![Card Mobile Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/benefits-icons/Icon-19.svg) ### Detect hidden ransomware risk Harnessing the power of Cortex XDR^®^, Unit 42 will conduct a Compromise Assessment of your environment, focusing on the early stages of ransomware by analyzing endpoint telemetry and hunting for indicators of compromise associated with sophisticated ransomware groups. ![Card Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/benefits-icons/group-20726.svg) ![Card Mobile Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/benefits-icons/group-20726.svg) ### Demonstrate your preparedness Upon completion of Purple Teaming and Tabletop Exercises, we will equip you with the data and recommendations necessary to communicate a sound ransomware preparedness plan to your board and C-suite executives. ![Dive into the latest cyber threat trends and insights from Unit 42](https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/igw/unit42-sec-ebook/sticky_nav/images/global-incident-response-report.png) READ THE REPORT ## Dive into the latest cyber threat trends and insights from Unit 42. Discover the latest threat actor tactics and get real-world insights and expert recommendations to stay ahead of evolving AI threats. [READ THE REPORT](https://start.paloaltonetworks.com/unit-42-incident-response-report.html) ![unit42 star](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42/Unit42Star.png)![unit42 star](https://www.paloaltonetworks.com/content/dam/pan/en_US/unit42-contained-exp/overview/Unit42DemandGenMobile.svg) {#service-features} SERVICE FEATURES ## Achieve a target state of ransomware readiness ### The Unit 42 Ransomware Readiness Assessment is available in three different tiers -- each one designed to match the unique needs of your specific organization. {#tiers} Basic Assessment #### Tier 1 ##### Get answers to your ransomware questions from our Unit 42 Threat Researchers and assess your ability to respond. * Ransomware Tabletop Exercise * Readiness findings and recommendations report * Unit 42 Retainer with 250 credits for Incident Response Advanced Assessment ## Tier 2 ### Take a more proactive approach to search for early-stage indicators of ransomware presence or threat actor activity. * Ransomware Compromise Assessment * In-depth technical report of findings and recommendations * Includes everything in Tier 1 Most Comprehensive ## Tier 3 ### Pressure test your defenses with a simulated attack and demonstrate your ransomware preparedness to your board and C-suite. * Purple team ransomware campaign * Data-driven board advisory briefing * Includes everything in Tiers 1 \& 2 | | TIER 1 | TIER 2 | TIER 3 | | Readiness Findings and Recommendations Report | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | Ransomware Tabletop Exercise | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | 250 Credits Reserved for Incident Response | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | Ransomware Compromise Assessment with Cortex XDR | -- | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | Purple Team Ransomware Campaign | -- | -- | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | Executive / Board Advisory Briefing | -- | -- | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | |--------------------------------------------------|--------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------| | Readiness Findings and Recommendations Report | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | | Ransomware Tabletop Exercise | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | | 250 Credits Reserved for Incident Response | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | | Ransomware Compromise Assessment with Cortex XDR | -- | | Purple Team Ransomware Campaign | -- | | Executive / Board Advisory Briefing | -- | |--------------------------------------------------|--------------------------------------------------------------------------------------------| \[TIER 1\] | Readiness Findings and Recommendations Report | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | | Ransomware Tabletop Exercise | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | | 250 Credits Reserved for Incident Response | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | | Ransomware Compromise Assessment with Cortex XDR | ![Check White](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-white.svg) | | Purple Team Ransomware Campaign | -- | | Executive / Board Advisory Briefing | -- | |--------------------------------------------------|--------------------------------------------------------------------------------------------| \[TIER 2\] | Readiness Findings and Recommendations Report | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | Ransomware Tabletop Exercise | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | 250 Credits Reserved for Incident Response | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | Ransomware Compromise Assessment with Cortex XDR | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | Purple Team Ransomware Campaign | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | | Executive / Board Advisory Briefing | ![Check Maroon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/check-maroon.svg) | |--------------------------------------------------|----------------------------------------------------------------------------------------------| \[TIER 3\] | Placeholder Heading | ------------------- | | | SHOW TABLE ## Here's what we deliver ### Unit 42 will evaluate the effectiveness of your operational capabilities and technical security controls in responding to and recovering from a ransomware incident. ![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/portfolio/purple-teaming/defense-and-alerting.svg) ![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/individual-services/vcg-easy-to-use-query-language-black.svg) ### READINESS FINDINGS \& RECOMMENDATIONS ![RANSOMWARE TABLETOP EXERCISE](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/incident-response/ramsomware.png) ![RANSOMWARE TABLETOP EXERCISE](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/individual-services/radiation-black.svg) ### RANSOMWARE TABLETOP EXERCISE ![250 CREDITS RESERVED FOR INCIDENT RESPONSE](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/retainer/group-20979.svg) ![250 CREDITS RESERVED FOR INCIDENT RESPONSE](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/individual-services/clock-black.svg) ### 250 CREDITS RESERVED FOR INCIDENT RESPONSE ![RANSOMWARE COMPROMISE ASSESSMENT](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/assess/ransomware-readiness-assessment/CortexXDR.png) ![RANSOMWARE COMPROMISE ASSESSMENT](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/individual-services/CortexXDR-black.svg) ### RANSOMWARE COMPROMISE ASSESSMENT ![PURPLE TEAM RANSOMWARE CAMPAIGN](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/individual-services/detect-risks-icon-red.svg) ![PURPLE TEAM RANSOMWARE CAMPAIGN](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/individual-services/detect-risks-icon-black.svg) ### PURPLE TEAM RANSOMWARE CAMPAIGN ![EXECUTIVE \& BOARD ADVISORY BRIEFING](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/portfolio/purple-teaming/executive-summary.svg) ![EXECUTIVE \& BOARD ADVISORY BRIEFING](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/breach-readiness-review/contingent-workforce1.svg) ### EXECUTIVE \& BOARD ADVISORY BRIEFING {#methodology} METHODOLOGY ## A proven approach to improving ransomware readiness ASSESS ![Review existing documentation](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/portfolio/purple-teaming/upon-completion.svg) ### Review existing documentation Unit 42 will develop an understanding of your processes, tools and capabilities while identifying gaps in security control design. ASSESS ![Conduct stakeholder interviews](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/Transform/expert-threat-briefings/pan-methodology-presentthreat-dark.svg) ### Conduct stakeholder interviews Unit 42 will interview your key stakeholders to gain additional insight into security control deployment and technical capabilities. TEST ![Facilitate Tabletop Exercise](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/assess/ransomware-readiness-assessment/pan-methodology-deploy-dk.svg) ### Facilitate Tabletop Exercise Unit 42 will design and manage a ransomware Tabletop Exercise to test your IR processes, tools and internal knowledge. HUNT ![Hunt for ransomware IoCs (Tier 2)](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/Transform/expert-threat-briefings/u42-icon2-identify-dk.svg) ### Hunt for ransomware IoCs (Tier 2) Our threat hunters will search for indicators of unauthorized access, data exfiltration, lateral movement, malicious file execution and persistence. ATTACK ![Conduct Purple Teaming (Tier 3)](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/portfolio/purple-teaming/after-gaining-initial.svg) ### Conduct Purple Teaming (Tier 3) Unit 42 experts will attempt to bypass your security controls by leveraging tools and techniques common in ransomware attacks. IMPROVE ![Report findings](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/individual-services/improve-menthodology.svg) ### Report findings You will receive a detailed technical report including security risks with prioritized recommendations to guide your efforts. {#why} WHY UNIT 42 ## World-renowned security experts, always in your corner ### As an industry-leading threat intelligence, cyber risk management and incident response organization, it's our job to help you prepare and respond to some of the most challenging threats so that your team can get back to business faster. As threats escalate, we act as your trusted partner to advise and strengthen your security strategies. ![Card Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/Transform/incident-response-plan-development-review/1-world-class-threat-intelligence-lt.svg) ![Card Mobile Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/Transform/incident-response-plan-development-review/1-world-class-threat-intelligence-lt.svg) ### WORLD-CLASS THREAT INTELLIGENCE Unit 42 provides access to one of the world's largest and most experienced threat intelligence teams. Our team of more than 200 cyberthreat researchers includes threat hunters, malware reverse engineers and threat modeling experts who enable you to apply a threat-informed approach to prepare for and respond to the latest cyberthreats. ![Card Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/assess/tabletop-exercises/3-experience-and-expertise-lt.svg) ![Card Mobile Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/assess/tabletop-exercises/3-experience-and-expertise-lt.svg) ### TRUSTED EXPERTISE \& EXPERIENCE Unit 42 has assembled an experienced team of security consultants with backgrounds in public and private sectors who have handled some of the largest cyberattacks in history. We manage complex cyber risks and respond to advanced threats, including nation-state attacks, APTs and complex ransomware investigations. ![Card Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/Transform/incident-response-plan-development-review/2-industry-leading-tools-lt.svg) ![Card Mobile Head Icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/Transform/incident-response-plan-development-review/2-industry-leading-tools-lt.svg) ### INDUSTRY-LEADING TOOLS Unit 42 security consultants leverage industry-leading Palo Alto Networks tools to jumpstart your investigation by gaining necessary visibility across your endpoint, network, cloud and third-party data. This enables you to develop and execute a plan to get back to business as quickly as possible following an incident. {#stop} #### Related resources [See all resources](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Funit42-managed-detection-and-response&ts=markdown) INFOGRAPHIC #### 5 Surprising Truths About Cybersecurity Assessments [Get the facts](https://start.paloaltonetworks.com/five-truths-about-cybersecurity-assessments) INTERACTIVE GUIDE #### 7 Ways to Use Your Unit 42 Retainer [Explore now](https://www.paloaltonetworks.com/resources/infographics/seven-ways-to-use-your-unit42-retainer?ts=markdown) WEBPAGE #### Unit 42 Retainer [Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) Case study #### Telecom Provider Contains Black Basta Attack and Restores Operations [Read now](https://www.paloaltonetworks.com/customers/telecom-provider-contains-ransomware-attack-and-restores-operations?ts=markdown) {#contact} ![jeffries-logo](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/overview/panw-sml-logo-white.svg) ## Go from reactive to proactive Our consultants serve as your trusted advisors to assess and test your security controls against the right threats, transform your security strategy with an intelligence-informed approach and respond to incidents in record time. First Name \* Last Name \* Email \* Company \* Job Level \*Job Level Job Function/Focus Area \*Job Function/Focus Area Phone \* Country \*Country StateState Department \* ProvinceProvince Zip Code \* Sign me up to receive news, product updates, sales outreach, event information and special offers about Palo Alto Networks and its partners. By submitting this form, I understand my personal data will be processed in accordance with [Palo Alto Networks Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) and [Terms of Use.](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. Contact us #### THANK YOU! A Palo Alto Networks specialist will reach out to you shortly. We look forward to connecting with you! {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language