Ransomware Investigation

Your organization has been hit by a ransomware attack. Your files are locked, your applications are down and your business is disrupted. How do you respond to this cyber extortion? Unit 42 security consultants are here to help.

Download the datasheet

Ransomware attack investigations

If you’ve experienced a ransomware attack, Unit 42 can help you:
  • Contain the incident
  • Decide whether or not to pay the ransom
  • Facilitate third-party payments if you decide to pay
  • Acquire and validate decryption keys
  • Reverse-engineer decryption tools to look for malicious code
  • Identify the point of entry and all malicious activity in your network
  • Develop and implement a recovery plan
  • Monitor systems to stop follow-up attacks

Prepare for a future attack with a Ransomware Readiness Assessment.


We’ll work closely with you to resolve and recover from attacks

Subject matter expertise

Subject matter expertise

Our teams respond to severe ransomware attacks every day. Whether facing DoppelPaymer, Dharma, Ryuk or another variant, we leverage aggregated threat intelligence and battle-tested methods to minimize costs and downtime.

Read our ransomware report

Crypto liquidity

If you decide to pay a ransom, Unit 42 consultants can guide you through the process of acquiring cryptocurrency. Our mission is to help you quickly contain and recover from ransomware attacks.

Crypto liquidity


With ransomware, the clock is ticking. We move quickly to help our clients contain and investigate threats, and then coordinate the right response to each one.

Powerful proprietary technology

Our incident response solutions are powered by our industry-first extended detection and response (XDR) technology and are designed to help clients successfully contain and control ransomware-related threats.

Powerful proprietary technology
Expert incident response

Expert incident response

  • Rapid deployment

  • Deep forensic analysis

  • Complete containment on time and on budget

  • System restoration and recovery

  • Network monitoring to prevent reinfection