

Dissecting Today’s Ransomware Ecosystem

Ransomware-As-A-Service, Targeted Intrusions and Opportunistic Attacks.


Stop It Before It Spreads

Ransomware is the fastest growing type of cybercrime. With opportunistic attacks, Ransomware-as-a-Service (RaaS), and sophisticated social engineering techniques on the rise, time to detect and time to contain are critical. We harden your layered defenses and support you in developing a strategy for identifying, responding to, and remediating ransomware attacks.


eSentire MDR 24/7 Coverage

15 Minute Mean Time to Contain

eSentire Incident Response 4-Hour Threat Suppression SLA



In ransomware damages expected in 2021 [1]


YoY growth expected in ransomware attacks [2]


average cost of ransom paid in 2021 [3]


increase in ransomware attacks YTD 2021 [4]

[1], [2] Cybersecurity Ventures
[3] Palo Alto Unit 42
[4] Checkpoint Software

Ransomware attacks aren’t new, but how this attack vector is being leveraged to target your organization is drastically evolving.

What started as opportunistic attacks that threat actors used to extort transactional payments from their victims has fast forwarded to sophisticated and coordinated state-sponsored groups leveraging tailored ransomware to cripple the operations of high-value targets including utilities, manufacturing, and healthcare providers. While these threat actors are motivated financially, many groups are ideologically motivated and orchestrate cyber-attacks purely to create chaos, sowing instability and mistrust.

What does this mean for your business?

The ransomware threat doesn’t end when you recover your IT systems and data from backups. The effects of a ransomware attack may linger for years, potentially eroding your reputation, costing millions in clean-up efforts, and often limiting your ability to land business in highly regulated industries. It’s unrealistic to believe you can prevent ransomware attacks entirely. Defending your organization against powerful human attackers equipped with advanced technologies requires an equally powerful combination of human expertise and advanced technologies. No ransomware defense is complete without automated and manual responses.

At eSentire our mission is to hunt, investigate, and stop ransomware threats before they disrupt your business. You shouldn’t settle for partial security, so we ingest multiple signals, correlating data across your network, endpoint, log, and cloud sources providing complete visibility, deep investigation, and unparalleled response.

The result?

We stop ransomware attacks before they become business disrupting events.

We Understand Ransomware Today - And In The Future

We have been preventing, disrupting, and remediating ransomware threats for decades. We understand where this threat is headed and what support you need to defend your organization from what is now the fastest growing threat vector in our space.


Localized Attacks

  • Standalone tool deployment
  • File encryption and theft
  • Singular backup possible


Internal Denial of Service

  • Access by any means necessary
  • Ransomware used as a catalyst
  • Unrestorable, damaged backups
  • Widespread damage
  • Privileged credential access to servers and infrastructure
  • Multiple revenue sources, including: ransom itself, extortion, and sale of data
  • Introduction of Ransomware-as-a-Service



  • Consistent automation of persistent and widespread access
  • Organizational damage impacting the public at large
  • Data encryption across outsourced software whereby credentialed access will expand to SaaS systems including accounting, payroll, CRM, and more



Defending Your Organization From Ransomware

We protect organizations from Social Engineering Attacks, Fileless Ransomware, Lateral Movement, and Ransomware-as-a-Service. Here’s how our services map to the various ransomware attack vectors.

Managed Risk and Vulnerability

  • Button down initial access vectors
  • Develop robust security strategy, training initiatives, and testing cadence
  • Assessments and testing through Penetration Testing, Vulnerability Scanning, Red Team Operations, Security Awareness Training, and Phishing Programs

Managed Detection and Response

  • 24/7 threat detection, isolation, disruption, and containment of ransomware attacks
  • Expertise to understand attacker presence, evaluate footholds, and battle persistent access attempts
  • Original threat research, compromise driven content development, and high velocity advisory insights

Digital Forensics and Incident Response

  • Emergency Incident Response support and Incident Response Retainer SLA with 4-hour threat suppression
  • Digital Forensics investigations and determination of breach extent with results that can bear scrutiny in court of law
  • Guidance through evidence handling, crisis communications, compliance notifications, and more

It's time for comprehensive ransomware attack protection that scales. Ready to get started?

Team eSentire In Action

8 Hours in Battle during the SunWalker Ransomware Incident

Learn how our 24/7 Security Operations Center (SOC) and Threat Response Unit (TRU) defended an online educational institution with eSentire Managed Detection and Response.



  • An effective defensive posture requires process, technology, and most importantly human expertise for combat-level containment and response
  • You can’t battle these attackers alone - eSentire MDR’s response was balanced with automated platform disruptions and TRU/SOC team investigation and manual containment, far beyond the customer’s resources and in-house capabilities
  • Multi-layered defense is required to combat sophisticated ransomware attacks - eSentire response to this incident included: endpoint monitoring/investigation, infrastructure and indicator research, next generation AV response, network monitoring/investigation, account monitoring, exfiltration investigation and manual defensive actions over an 8 hour period

Defending Against Modern Ransomware: Lessons from the SunWalker Incident


Defining Ransomware And Its Revenue Streams

Ransomware is an evolving form of malware designed to encrypt files on a device, rendering the files and their system unusable. Malicious actors demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.

Ransomware incidents continue to become more destructive and impactful in nature and scope. Attackers engage in lateral movement to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations of all sizes.

The proliferation of ransomware attacks has led to multiple streams of revenue, including secondary and tertiary extortion attempts that take advantage of victims at their most vulnerable, while they are responding to the initial attack.


Ransoms themselves

The attacker will demand an initial payment via bitcoin in exchange for restoring access to the victim’s files.


Extortion around the attack

Many times the attacker, or other partners, will threaten to publicize the incident in an attempt to extort funds from those concerned about reputational impact.


Profit from the stolen data

Even if you’re able to restore your files and avoid publicity around the ransomware attack, your data may have been replicated and released for sale on the dark web.

If you pay a ransom, you may nullify your cybersecurity insurance policy. Contact eSentire for expert advice, incident response and digital forensics support before you pay.

How To Reduce The Impact Of A Ransomware Attack

Maintain offline, encrypted backups of data and regularly test your backups

Maintain regularly updated “gold images” of critical systems in the event they need to be rebuilt

Retain backup hardware to rebuild systems in the event rebuilding the primary system is not preferred

In addition to system images, applicable source code or executables should be available (stored with backups, escrowed, license agreement to obtain, etc.)

Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response and notification procedures for a ransomware incident

Connect with our Managed Risk experts to discuss security strategy, assessments and testing programs to measure your preparedness for a ransomware attack.

Why Every Organization Needs An IR Plan

Effective incident response quickly brings control, stability and organization to the chaotic situation you may find yourself in, should a ransomware attack be spreading across your environment. When the worst scenario happens, how fast your organization can contain and recover is critical to limiting business disruption, reducing cost, and salvaging reputational damage.

You will need to consider:

System recovery: Can we regain control of our systems? What needs to be rebuilt/reimaged? Can we recover our encrypted data?

Communications management: Has our name been posted online? Do we need to manage any fallout?

Financial considerations: What is the cost of the ransom? How would we pay it? Should we? Does our insurance cover the payout? Is there a second extortion element?

Investigation and hardening: How did the attack unfold? Where are our weak points? How do we strengthen our posture?

The eSentire Artemis Cyber Investigations Team Is Here To Help

With Emergency Incident Response, Security Incident Response Planning Services and an industry-leading 4-hour threat suppression SLA for IR Retainer organizations, we deliver cutting-edge digital forensics, threat intelligence, and powerful 24/7 Incident Response expertise, to bring structure and calm to your incident handling.


Why eSentire MDR For Ransomware?

As the Authority in Managed Detection and Response, we go above and beyond the market’s capabilities in response to deliver MDR3 – Response. Remediation. Results. Here’s why enterprises choose eSentire to defend them from ransomware threats.

24/7 Threat Detection and Security Operations to disrupt ransomware attacks before they deploy across your organization

Battle-tested Threat Hunters and Security Experts who manually hunt, contain and respond to ransomware attacks on your behalf

Our Atlas XDR Platform provides Security Network Effects so your defenses are hardened with every ransomware detection across our global customer base

Industry-leading threat research and detection model development from our Threat Response Unit (TRU) to create encryption keys and new detection methodologies for lateral movement and cyber gang activities

Industry-leading SLAs – 15 minute mean time to contain with eSentire MDR, and 4-hour remote threat suppression with our IR Retainer

What Our Customers Are Saying

"eSentire goes beyond the market’s capability in Managed Detection and Response, providing M&C Saatchi with unmatched speed to resolution of security events, and deep threat hunting expertise."
Neil Waugh
Chief Information Officer | M&C Saatchi
"We have peace of mind knowing someone is watching our back during after-business hours with speed to alert, block and remediate threats."
Gary Smith
IT Manager | Torys LLP
"We have immediate visibility into attempts to penetrate our network and feel better knowing that eSentire’s MDR is manned 24/7 with experienced cybersecurity experts."
Mark Fairhead
Associate Director (IT Department) | Rawlinson & Hunter
