Ransomware Prevention and Response Service

Backed by our global Investigations and Incident Response team as an effective countermeasure to the increasing threat of ransomware


Don't be held to ransom

Ransomware has become the fastest growing threat to small and large enterprises alike. In 2016, the US-CERT observed a 300 percent year-on-year growth in infections. This is largely due to ransomware authoring toolkits becoming prevalent and accessible. Never before has the world at large had its computer systems and valuable data held hostage at the behest of cyber criminals on such a scale.

“300% increase in Ransomware over 2016” 

As the ransomware threat continues to evolve, the prevalence of organized crime groups targeting corporate networks is rapidly increasing as they continue their endeavor to exploit corporates through profitable criminal activity to their fullest.

Although a number of different ransomware types exist, there is a common high level series of events that occur during a traditional ransomware attack.

MWR Website Graphics AW400 

“Recent variants have targeted and compromised vulnerable business servers …multiplying the number of potential infected servers and devices on a network” - FBI Sept 2016

With perpetrators going for ever higher bounties, 2016 saw the rapid expansion of capabilities in ransomware to target network shares, encrypting vast amounts of corporate data. Attackers soon learned that large organizations were willing and capable of paying much more than individual users. This in turn has pushed forward the ransomware capabilities and delivery techniques in 2017 to effect widespread corporate compromise on a regular basis.

MWR Website Graphics AW400 02 

The cost and time in recoverability for these new breeds of ransomware attacks are magnitudes larger than previously seen. With moves towards enterprise wide ransom, destruction of backups, and the compromise of critical assets, it is imperative to prevent and respond to these attacks in their earliest stages.

“Organizations that are attacked by ransomware are at risk of data loss and business disruption."

With this in mind, MWR have developed an easily deployable endpoint protection technology specifically designed to stop ransomware attacks, provide immediate protection, and mitigate the risks of data loss and business disruption. The solution will stop attacks as they happen, providing a final line of defense against ransomware.

This is backed by MWR’s global Investigations & Incident Response team of highly-skilled and experienced investigators, armed with the capability to rapidly respond, remotely analyze and contain threats as they emerge.

 MWR Website Graphics AW 03.2


MWR’s unique endpoint agent, RansomFlare, deployed across the Windows workstation and server estate, connects to cloud based monitoring centres for coverage of your systems, whether at work or on the road.

RansomFlare uses a combination of machine learning and behavioural analysis to identify ransomware as soon as it runs on a computer system. When an attack is identified, the agent immediately intervenes to protect the data and the endpoint.

Unlike traditional licensing models, there is no per endpoint licensing applied to this solution.  You are free to install RansomFlare on any number of computers within your organization.

When RansomFlare intervenes to protect systems, your security team will receive an automated alert. MWR have standard alerting options available such as Email or Telegram message service, and have the flexibility to integrate with custom systems you may already use.

Incident Response – Your Response Team

In the event of a suspected emergency incident scenario, this offering also provides guaranteed response, ensuring you will receive prioritised remote and on-site expert specialist support from MWR’s Investigation & Incident Response Team. Incidents do not have to be related to ransomware and you can engage MWR’s experts to investigate any compromise, regardless of size or scale. This provides your business with the assurance it will receive expert support whenever an emergency response situation arises.

“The intricacies of ransomware demand more than just technology to contain its effects.”

In a crisis situation, it is essential for any organization to ensure it can rapidly respond to, and contain, an information security or data breach incident. In addition to RansomFlare, MWR’s Ransomware Prevention & Response solution includes our remote response capability, enabling the MWR Incident Response team to rapidly and remotely gather the necessary artefacts to support an investigation and intervene with containment measures implemented in the field, regardless of where your endpoints are geographically located.

MWR Website Graphics AW 04.2 

Solutions that include RansomFlare

RansomFlare is deployed with our detection and response services as the intricacies of ransomware demand more than just technology to contain its effects. Depending on your specific needs, the following MWR services provide ransomware protection. 

MWR Website Graphics AW 05.2

“Ransomware has become the leading cyber security threat to organizations and its ability to disrupt business and mask the true intentions of attackers is a massive cause for concern.

RansomFlare is designed to stop ransomware attacks as soon as they are identified. Our agents then immediately intervene to protect clients’ data and the targeted endpoint.”

Paul Pratley, Head of Investigations & Incident Response, MWR

To receive further information regarding MWR's solutions to the threat of ransomware, please fill in your details below.


MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.