Ransomware Readiness Audit

Ransomware is a form of malware that encrypts files on a target system rendering it inaccessible to users. Threat actors then demand a ransom payment in exchange for a decryption key to unlock the data. Delivered through attack vectors, malware has a significant impact on business operational processes by denying access to data needed to do business.

Whilst it has been around for a while, ransomware has evolved over the last several years becoming far more sophisticated, easier to use and accessible to less skilled threat actors, so is more prevalent on the threat landscape. The financial and reputational impacts of a ransomware attack can be significant, so the risk should be treated accordingly. But you knew all of that.

What you may not have known is the levels of ransomware threat can greatly be reduced by implementing and adhering to some basic risk management principles and processes. In short, the best way to protect your business from ransomware is to prevent it from happening in the first place. So…can you?

Risk Crew has designed a simple and effective service to answer that question by testing your business’ ransomware threat “readiness” for a ransomware attack and its ability to recover from one – in the event it fails. The service is based on industry established best practices – that actually work – and includes simulated ransomware attacks to test your real-world response capability.

Risk Crew use a comprehensive real-world attack testing methodology for assessing your business’ vulnerability to ransomware.

Features and Components

Our service is based upon the NIST Cybersecurity Framework approach and is comprised of the following five components:

Step 1: Identify

Risk Crew will begin by identifying, locating and classifying the business’s critical assets (both informational and digital) and confirming these with you.

Objective: Where could a ransomware infection significantly hurt the business?

We will then conduct a ransomware vulnerability assessment against known risk scenarios identifying and documenting all existing anti-malware controls and mapping them to the confirmed business assets to verify the applicability and any detect gaps in protection.

Objective: Are current controls applicable?

Risk Crew will also survey and benchmark the business’s current level of security awareness of the threat of ransomware, its methodology and potential entry points into the organisation.

Objective: Does the business understand the threat?

Step 2: Protect

Risk Crew then assess the effectiveness of the existing controls and processes implemented to mitigate an attack. These would typically include assessing:

Data Back-up Methodology
Network Segmentation
Web Protection
Mail Protection
User Permission & Awareness
Servers & Endpoint Configuration
Change & Patch Management Processes

Upon completion, Risk Crew conducts 10 different simulated ransomware infection attacks to evaluate your business’ current controls against real-world threat attack scenarios.

Objective: Are current controls effective against a real ransomware attack?

Step 3: Detect

Risk Crew then assess how quickly your system and users detect the simulated attacks and report them to the appropriate business division or point of contact.

Anti-malware security software and hardware products would also be assessed.

Objective: How quickly can your business identify an attack?

Step 4: Respond

Next, Risk Crew assess the business’s response to the simulated ransomware attacks. This is done through a table-top walk-through of the existing Incident Response Plan and monitoring the “live” exercise.

The business Incident Response Plan and procedures are specifically assessed for efficiency and effectiveness. Team members are assessed for their execution of the plan and their professional skills and experience.

Objective: Does the business have the capability to appropriately respond to a ransomware attack?

Step 5: Recover

Finally, Risk Crew audit the business’ capability to recover from the simulated ransomware attacks. This is also done through table-top walk throughs of the existing Business Continuity and Disaster Recovery (BC/DR) plans to confirm their applicability to conditions resulting from the “live” exercise.

System back-ups are verified and documented business impact assessments (BIAs) are also assessed for their relevance and accuracy.

BC/DR vendor solutions are also evaluated for efficiency and effectiveness in this final phase.

Objective: Does the business have the capability to recover from a ransomware attack quickly and thoroughly?

This step is critical as it confirms the actual attack surface associated with the application.

The Benefits

The service results in comprehensive reporting detailing your business’s capability to identify, minimise and manage the risk of a ransomware attack along with cost-effective recommendations for significantly improving your defensive capability.

The Risk Crew Ransomware Readiness Audit also provides the following tangible business benefits:

✓ Significantly reduces the likelihood of a ransomware attack disrupting your business operations

✓ Minimises business disruption in the event of an attack, reducing downtime

✓ Mitigates regulatory, compliance and reputational impacts resulting from an attack

✓ Reduces cyber-insurance costs

✓ Improves current security readiness policies and procedures

Why Choose Risk Crew

Risk Crew security consultants possess over 30 years of hands-on skills and experience in malware, and designing and testing incident response, business continuity and disaster recovery plans. It’s what we do. We: think deeply, question assumptions, determine cause and effect and always deliver measurable results.

We believe that you should accept nothing less. So much so if you are not happy, with our services, you are not charged. Who else does that?

Best Practice

Risk Crew follows best practices including ISO 27001, PCI, Data Protection Act 2018 and the GDPR

Accredited

ISO 27001 and Cyber Essentials Plus certified

Certified

Consultants hold CISSP, CISA, CISM and CRISC certifications

Experienced Practitioners

Risk Crew has over 30 years of practical knowledge

Dealing with ransomware just takes the right crew – the Risk Crew. Turn here for results.

Request a Quote

Our experts will contact you to discuss your specific requirements

Frequently Asked Questions

What is ransomware?

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom payment from the victim to restore access to the data usually in the form of cryptocurrency. Victims are provided instructions for payment with the promise that data will be decrypted upon receipt of the payment.

Can ransomware be removed?

It depends on the type of ransomware. Sometimes common and older ransomware decryption keys can be obtained from previous victims making them available on the Internet. However, ransomware is constantly evolving with increasing levels of encryption. The first response to ransomware should be to remove the infected install and implement your backup. Attackers understand this however and target backups.

How common are ransomware attacks?

In 2020, threat actors carried out more than 4,000 attacks daily. 1 in 3,000 emails that passed through filters contained malware. There was a 19-day downtime following a ransomware attack. It is estimated that in 2021, ransomware attacks against businesses will occur every 11 seconds and the global cost associated with ransomware recovery will exceed $20 billion.

What is the average ransomware ransom payment?

In 2020, the average ransomware payment made by a victimised organisation was $233,217.00 USD.

Should we pay the ransom?

Good question. Law enforcement agencies recommend that you do not. While it is not generally illegal to do so, there is absolutely no guarantee that the attacker will decrypt your data upon receiving payment. Ethics notwithstanding, the answer is ultimately a business decision and may depend on a cost-benefit analysis.

Ransomware Readiness Assessment