Ransomware Readiness Assessment
Ransomware and the associated cyber extortion threat is a common and growing risk faced by organisations. Sekuro’s Ransomware Readiness Assessment’s enable your organisation to understand gaps and remediate ransomware exposure risk.
Ransomware Readiness Assessment - Why is it Useful?
A ransomware attack can be catastrophic. Recent research by Sekuro Partner, Rubrik, indicates that CISOs recognise ransomware as the #1 threat they face, and that no relief is in sight with 69% of respondents considering it likely they will be successfully hit at least once in the next year.
- Ransomware will cost its victims more around $265 billion (USD) annually by 2031, Cybersecurity Ventures predicts, as perpetrators progressively refine their malware payloads and related extortion activities. The dollar figure is based on 30 percent year-over-year growth in damage costs over the next 10 years.
- It is estimated that an organization suffered a ransomware attack every 11 seconds in 2021, according to Cybersecurity Ventures, and it is expected there will be a new attack on a consumer or business every two seconds by 2031.
- Ransomware attacks on healthcare organizations were predicted by Cybersecurity Ventures to quadruple from 2017 to 2021 and 2022 is expected to continue trending up.
- Every week, an aviation actor suffers a ransomware attack somewhere in the world.
- CNA Financial, one of the largest insurance companies in the U.S., reportedly paid hackers $40 million, the largest ransom ever, after a ransomware attack blocked access to the company’s network and stole its data, according to a report from Bloomberg.
What is a Sekuro Ransomware Readiness Assessment?
A Sekuro Ransomware Readiness Assessment involves the following tasks:
- Unauthorised internal Active Directory enumeration, escalation, and lateral movement activities
- Authorised internal Active Directory enumeration, escalation, and lateral movement activities, via a Standard Operating Environment (SOE) Windows machine and associated Domain User account
- Privilege escalation activities on an SOE Windows machine from the perspective of a Domain User
- Ransomware technical control assessment on an SOE from the perspective of a Domain User
- Organisation-wide email account breached password assessment
- Network share assessment to identify sensitive or exploitable data accessible to end-users based on key phrases
- Controlled and custom non-destructive ransomware deployment to a specific pre-defined Windows system to simulate encryption of data and test technical response
The assessments are based on real-world Tactics, Techniques, and Procedures (TTPs) utilised by ransomware adversaries and cyber-criminal organisations to compromise and deploy ransomware throughout corporate Windows environments.
What happens after the Sekuro Ransomware Readiness Assessment is completed?
Upon completion of the Sekuro Ransomware Readiness Assessment, a detailed report which outlines prioritised, actionable remediation activities to increase ransomware resilience will be provided. The report will focus on risk, based on the known and assumed actions of ransomware adversaries and cyber-criminal organisations.
Sekuro can be engaged by your organisation to further address any identified gaps or vulnerabilities through our Offensive Security, GRC, or Technology and Platform teams.