External cyber risk management tools company Searchlight Cyber Ltd. announced the release of Ransomware File Explorer, a new capability within its Cerberus investigation platform. The feature provides searchable visibility into file tree data published on ransomware leak sites, aiming to help security teams assess potential data exposure more quickly and with greater clarity.
New Visibility Into Ransomware Leak Site Data
Ransomware File Explorer is designed to help analysts determine whether sensitive documents, personally identifiable information, or intellectual property may have been exposed during a ransomware incident. The tool focuses on file tree data shared by ransomware groups on their leak sites, which often publish structured lists of stolen files as part of extortion efforts.
By ingesting and indexing this file tree data directly into the Cerberus platform, Ransomware File Explorer allows analysts to search across multiple ransomware leak sites using file names and directory structures. This approach reduces the need for teams to manually review disparate sources or navigate inconsistent formats used by different ransomware groups.
Searchlight Cyber said the feature also supports early detection of exposure linked to third-party or supply chain incidents. Organizations may be affected indirectly when a partner, supplier, or affiliate is targeted, even if they are not the primary victim of an attack. The ability to search leaked file structures can help identify such exposure earlier in the investigation process.
Faster Incident Assessment and Broader Risk Awareness
Ransomware File Explorer has been developed to avoid the need for security teams to access or process ransomware archives directly. Instead, analysts can review file structure data in a controlled environment within Cerberus. This allows teams to assess potential impact more quickly and prioritize response actions based on the types of files that appear to have been taken.
The tool also aims to improve the speed of incident response by enabling early assessment, even in cases where a breach has not yet been disclosed by an affected partner. Automated alerting and rapid file name search help teams focus on relevant data without extensive manual effort.
According to Searchlight Cyber, the process of reviewing ransomware leak site data has traditionally been time consuming for internal teams. Differences in how ransomware groups publish information can slow analysis and complicate comparisons across incidents. Centralizing this data into a single searchable platform is intended to streamline that work.
Dr. Gareth Owenson, co founder and chief technology officer of Searchlight Cyber, said the ransomware environment continues to expand, with more active groups and a growing number of victims. He noted that the new capability is intended to help organizations understand when they may be affected by the wider impact of a ransomware attack, even if they are not the direct target.
The feature is available to enterprise security teams and managed security service providers using the Cerberus platform. It is positioned as part of a broader effort to support investigation workflows and provide earlier insight during ransomware related incidents.
Searchlight Cyber is a venture capital funded startup that focuses on external cyber risk and threat intelligence. The company raised external capital in January 2024, including a strategic growth investment led by Charlesbank Capital Partners. The release of Ransomware File Explorer reflects continued development of its investigation platform as ransomware activity remains a key concern for organizations managing cyber risk.
