Select Page

Ransomware Readiness: Practice Makes Progress

by | Jun 15, 2022 | Security

Already at record high levels, ransomware attack volumes are continuing to rise. According to the latest Verizon Data Breach Investigations Report, 2021 saw a year-over-year increase in the total number of ransomware attacks that was greater than all the growth that took place over the last five years combined. And the number of publicly disclosed ransomware incidents in 2022 so far has climbed higher still.

 In a never-ending competition against the technical safeguards that businesses invest in, these attacks are ever more complex and sophisticated as ransomware is the primary method of monetizing a network breach. BlackFog reports that as many as 80% of ransomware attacks (encrypting & destruction of data) also include the theft and exfiltration of data in a so-called “double extortion attack,” Increasing the likelihood that a victim will pay up.

Is your organization at risk from a ransomware attack? What would happen if one of your employees was fooled by a social engineering effort and accidentally permitted an attacker onto your network?  How far could the malware spread before it was detected by your security team? How much damage would it do? How well would your Incident Response and Business Continuity teams coordinate the recovery?  Have they ever actually practiced this, or are we waiting for an actual incident to find out?

Undergoing a ransomware exposure assessment  is a hybrid risk measurement and technical simulation, purposefully developed to provide  both business and security leaders clear answers to these questions. You’ll be able to see exactly the cascading impact of ransomware in your environment, leading to a list of Lessons Learned and Remediation Actions without crisis. Simply going through the process will reveal insights into your team and strengthen their readiness to face today’s most prevalent and damaging cyber threats.

How Do Ransomware Simulations Work?

Many organizations are familiar with penetration tests (short-term engagements in which testers try to gain access to your environment as an attacker would, usually by exploiting software vulnerabilities or social engineering tactics, then moving about the network seeking access to critical business data).

Ransomware simulations take preparedness a step further by combining the most valuable elements of Pen Tests, Tabletop Exercises, and Risk Assessments into a single deliverable.  We rely on software that emulates the behavior of ransomware, viruses, or other selected malware, simulating a live infection within your environment.  This type of assessment can show you which parts of your defenses work well — and which would likely fail in a real-world attack.

The result might be one of the following:

  • The malware would be instantly blocked by your antivirus or endpoint protection software.
  • The malware would be able to bypass your antivirus software but would be flagged as malicious by your security monitoring team.
  • Nothing would stop or detect the malware, which could go on to read and write to multiple file shares on your network, encrypting and/or exfiltrating without limits.

This type of simulation will validate that your endpoint protection solution and your security monitoring service. It can also reveal gaps in your defenses that you may not have known about.

What You Can Learn from a Ransomware Simulation

The lessons that ransomware simulations can teach security stakeholders often extend far beyond the simple question of “Are we vulnerable to a ransomware attack?” Many times, these exercises reveal that organizations’ networks include vulnerable assets that they were entirely unaware of; an over-permissioned file server in a subdivision of a newly acquired business unit, for instance. Or they may show that network segmentation wasn’t accomplished as thoroughly as stakeholders might have thought (Is that Guest WiFi really isolated from all the internal networks?) It is an exercise in asset discovery that not only gives security stakeholders an accurate, in-the-weeds view of vulnerabilities, but it can also help them make an evidence-based decision about where to invest their time and resources when it comes to risk mitigation.

In today’s world, where ransomware operators are both abundant and sophisticated, an attack simulation will give you the specific, highly relevant information you need to effectively prioritize your remediation efforts and strengthen your team. Attackers are always trying new things; if you’ve been doing annual penetration tests year after year (and especially if the same issues keep surfacing), it may be time to try a different approach.

Here at Netrix, we’re proud to provide an extensive array of threat assessment services that are precisely tailored to meet our clients’ needs and provide clear, actionable results. Want to know more about how we can help you eliminate weak points and improve your overall security posture? Schedule a free, no-obligation consultation with one of our threat assessment experts today.