Threat actor collectives continue to innovate in methods used to extort information and payments from victims, including deploying ransomware, conducting distributed denial-of-service (DDoS) attacks, or targeting executives, resulting in sensitive information and assets being posted to the public repositories.

This evolving landscape highlights the need for extortion victims and teams such as incident response or digital forensics to have insight into the illicit communities and sites to identify potential exposure via third-party vendors. They require swift actionability to identify and access victim breach data that has been observed in order

to further adapt and optimize internal response plans.


Overview

Powered by Flashpoint’s extensive, signal-rich collections and alerting engine, Extortion Monitoring Service (EMS) delivers real-time automated alerts of identified leaked assets as a result of an extortion incident, providing teams the necessary insight into the extent of exposure and damage.


Key Benefits

EXPERIENCED PROFESSIONALS

Our highly experienced Professional Services team has over 50 years of federal government and corporate experience and training and has expert tradecraft honed over years of operating in the most austere online environments.

STRONGER BENCH OF RESOURCES AND COLLECTIONS

Flashpoint’s multidisciplinary analysts speak over 20 languages and drive our global collections engine that accounts for the largest collection of illicit communities. Our data and collections cover more regions, countries, and types of threat actors.

REAL-TIME NOTIFICATION

Flashpoint Automated Alerting matches conversations from illicit online communities with keywords associated with the team’s areas of concern and automatically provides these matches directly to the user.

CONDUCT ANALYSIS AND RESEARCH

As an added benefit, users are able to access the original collections in a safe environment if additional information is needed for your incident.


Use Case

SUPPORT TO INCIDENT RESPONSE TEAMS; IDENTIFY AND PREVENT THIRD PARTY RISK

When an organization's critical network service has fallen victim to a ransomware or cyber extortion attack, incident response teams require immediate insight into the extent and damage caused. As part of their response plan and investigation, internal teams need to understand where and if sensitive data and assets have been leaked by threat actors for malicious purposes. More often than not, the stolen information is sold in illicit communities, which leads to further damage extending beyond the organization, including third-party vendors. As a result, incident response. teams must take into consideration the organization’s third-party vendors as part of their response plan to ensure full protection of sensitive assets.

EMS supports incident responses teams by providing immediate notification of identified leaked assets as a result of an extortion incident, thereby saving internal teams time and resources. Flashpoint sheds light on the extent of exposure and damage, as well as the context surrounding the threats, in order to take immediate action and mitigate further risk. Our post-incident support ensures that internal teams have the tools and resources from Flashpoint to ensure extended protection that aligns with the organization's requirements.



Did this answer your question?