Copyright (C) 2025 Arete Advisors, LLC. All rights reserved. Unauthorized use is prohibited.


Greg Thompson, IT Support Desk, 12:05am
Urgent Ticket (3 Minutes Ago): Cannot sign in to computer.
Status: Assigned to Greg Thompson
Board: IT Support Desk




Your network has been penetrated by Obsidian Wraith.
All files on each host in the network have been encrypted with a strong algorithm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
We exclusively have decryption software for your situation.
No decryption software is available in the public.


Day 1
12:08am
What if you discovered that a threat actor breached your environment and is demanding a ransom?
As a part of Arete’s Incident Response Retainer, you can activate Incident Support, which allows us to rapidly construct work streams together.
This gives your organization confidence in the response process, helping to reduce your risk of violating US or international law.

Arete Bloktd℠ is part of the Arete Intelligence (Ai) suite of cyber products and services. It empowers SentinelOne products with rapidly developed threat detection capabilities formulated in the midst of Incident Response matters that act autonomously in seconds to proactively identify threats and prevent cyberattacks.
Bloktd℠ contained the threat on the target end point and was deployed to all of your other end points to preemptively contain and eliminate the same attack.
Within hours Arete deploys Bloktd℠, a part of the Arete Intelligence℠ suite, through SentinelOne’s EDR platform.
Day 1
1:45am


Arete experts leverage data collected from thousands of incident response engagements, malware reverse engineering, external intelligence sources, and active engagements to determine the validity of these claims.
It’s been discovered that although the files have been encrypted, the client’s backups were only partially deleted due to incomplete encryption coverage from the threat actor’s ransomware.
The good news is short-lived, as a quick recovery is no longer an option. Your business is at risk of closure and hundreds of jobs lost. Working with Arete, you determine the best option is to begin threat actor communications.
Next, Arete must confirm the threat actor’s identity. Knowing this will help with recovery, forensics, and potential negotiations.
Day 1
2:00am

Arete has threat intelligence data on over 400 threat actor groups.
Arete has negotiated with Obsidian Wraith many times on behalf of its clients.
Using Arete Intelligence℠, Arete is able to effectively verify the claim that this group is Obsidian Wraith and found no sanctionable activities associated with the group.


Day 1
2:15am



With the threat actor identity claim verified, Arete leverages its database of organic and third-party decryptors to see if any can decrypt your data.
Day 1
2:30am



After exhausting all options to find a matching decryptor, Arete continues communication with the threat actor to verify that they have an effective decryptor before negotiations take place.
The threat actor successfully proves they have the ability to decrypt your organization's data.
With your organization's increasing business impact and growing costs, all stakeholders agree to Arete proceeding with the negotiation and payment facilitation process in direct compliance with:
• The US Bank Secrecy Act
• US Treasury's Office of Foreign Assets Control (OFAC)
• Anti-money laundering laws
• Counter-terrorist financing laws
• Other sovereign nations’ compliances
Due to the discovery of the incomplete encryption coverage as well as many previous negotiations with this threat actor, Arete was able to significantly reduce the ransom amount.
Now that the ransom amount is agreed upon, the threat actor provides the decryptor once Arete facilitates payment with proper regulatory compliance on behalf of your organization.




Day 1
3:00am
Day 1
5:00pm

Arete works alongside you, your insurance carrier, and your legal counsel to see your organization's restoration through to completion.
Day 1
6:00pm
Shortly before restoration efforts are concluded, Arete Bloktd℠ identifies a previously undiscovered device coming online that was infected with the same malware.
...but Arete Bloktd℠ eliminated the threat, neutralizing a reinfection by the same threat actor.



Day 1
8:00pm


Thanks to Arete's Retainer program, your team's incident response process is bolstered by real-life experiences guided by our experts and customized to your organization.
This means:
• Your time to recovery is reduced.
• Your retainer reduced costs for your organization and your carrier.
• Your team made informed legal compliance decisions.
How are you protecting your organization from the rapid increase in cyberattacks and the costs associated with them?

Don’t go it alone.
Experiencing a breach?
• Reduce business interruption costs.
• Government compliance and regulatory adherence.
• Increase contract longevity.
Disclaimer
This presentation and website is provided for informational and illustrative purposes only and does not constitute an offer, solicitation, or recommendation to buy or sell any product or service. The information contained herein is believed to be accurate as of the date of publication; however, Arete Advisors, LLC makes no representations or warranties, express or implied, as to the completeness or accuracy of the information presented. All product descriptions, performance metrics, and projections are for demonstration purposes only and are subject to change without notice. Actual results may vary based on a variety of factors, including but not limited to market conditions, user practices, and regulatory changes. Nothing in this presentation or website should be construed as legal, financial, or professional advice. Viewers are encouraged to consult with appropriate advisors for guidance specific to their individual circumstances. By viewing or downloading this presentation, you agree that Arete Advisors, LLC shall not be held liable for any damages or losses resulting from the use of or reliance upon the information contained herein.
Day 2
9:00am