Ransomware Preparedness Assessment
Kroll’s ransomware preparedness assessment helps companies protect themselves against ransomware attacks by examining 14 crucial security areas and attack vectors.
Ransomware attacks on enterprises of all sizes across virtually every industry sector are on the rise. As of 2021, at least one business became infected with ransomware every 11 seconds, all contributing to a global cost of $20 billion a year.
From Kroll’s perspective, we know that every organization can be a victim because a successful ransomware attack is within the reach of cybercriminals everywhere.
Some threat actors are meticulous planners, deftly mapping internal networks to identify core business functions and sensitive data storage, even going so far as to research a company’s financials to gauge how big a ransom they can afford to pay. At the other end of the spectrum, creators of “ransomware-as-a-service,” who simply demand a percentage of the ultimate ransom, have opened doors for an entirely different class of cybercriminals who can now launch attacks with minimal risks against a wider range of targets.
Proactive Preparation Is the Best Protection Against Ransomware
While it is nearly impossible to prevent all ransomware attacks, security and risk management professionals can take proactive steps to neutralize or mitigate their harm. Basic cyber hygiene remains critical. First, businesses must take the time to accurately document the entire configuration of their network on a regular basis.
When a local government was victimized by ransomware, it impacted the municipality’s police and fire dispatch systems, online utility payment system, centralized accounting system and many other critical segments on its network. Unfortunately, the IT director was unaware of how many servers were on the network. This lack of awareness delayed the initial remediation, especially when combined with limited viable backups for restoration.
– Matthew Dunn, Associate Managing Director, Cyber Risk.
Second, data mapping inventories are more important than ever. In recent years, many ransomware actors have started threatening to release stolen data to increase the pressure on victims to pay the ransoms. Almost overnight, ransomware attacks morphed from mainly expensive operational disruptions to crises fraught with data privacy and breach notification regulations. For companies looking to minimize risk, it is imperative to know what kind of data they have in their possession and everywhere it is collected, used and stored.
Ransomware Protection: 7 Key Steps
In our experience, there are seven fundamental security steps companies can take to immediately add layers of protection from ransomware:
- Institute least privilege policies for data/system access
- Delete unused email addresses
- Implement and enforce strong password policies
- Use multifactor authentication
- Create, update, segregate and protect viable backups
- Whitelist safe applications
- Accurately and regularly map network configurations
Responding to Ransomware
In the event that ransomware strikes, organizations should already have a response plan that includes these six immediate steps:
Identify the Infection
The type of infection is sometimes stated in an attacker’s ransom communications, but can also be determined from numerous open-source sites. Kroll can also help pinpoint the type of ransomware as well as any other malware and persistence mechanisms still present in the system.
Isolate Impacted Systems
Remove the impacted systems from other computers and servers on the network and disconnect from both wired and wireless networks.
Retain Log Data
Timely action is often necessary to retain any potentially relevant event data for a subsequent investigation.
Think Before You Pay
This involves decision-making processes that should already be outlined in your incident response plan. Victims should also contact their cyber insurance carrier to inquire about ransomware coverage.
Restore systems and ensure your organization has prioritized effective backup policies and protocols.
14 Key Security Areas of a Ransomware Readiness Assessment
Kroll’s ransomware preparedness assessment can help companies identify where their defenses are strong and any vulnerabilities that may be exploited by ransomware actors. Our methodology focuses on the cyber kill chain, a comprehensive examination that includes remote access configuration, phishing prevention, email and web protections, access controls, endpoint monitoring and end user awareness.
As part of our assessment, we will provide a prioritized, customized set of recommendations to help the organization deflect, detect or respond more effectively to a ransomware attack.
Ransomware Controls, Processes and Technologies
Kroll cyber experts will first focus on controls, processes and technology solutions to lower the risk of ransomware-based attacks. During this step, we will:
- Analyze relevant firewall and network device configurations to identify security weaknesses
- Review user activity logging and audit configurations to aid potential investigative efforts
- Review existing network and endpoint security monitoring solutions and processes
- Evaluate email and web filtering options and configurations to block phishing attacks and malicious payload delivery
- Review access and privileged access controls and processes
- Evaluate vulnerability and patch management controls and processes
Remote Technical Interviews
Kroll will also interview technical team members to assess any secondary defensive measures that might be in place to protect against email-based attacks. This review will include:
- Remote access controls
- Email and web controls
- Application whitelisting and audit controls
- Endpoint protection controls
- Employee awareness and training
- Backup and audit logging controls
- Incident response planning
- Business processes connected to vendor management
A Solid Foundation to Protect Against Ransomware
In our experience, ransomware protection starts with the adoption of fundamental security practices bolstered by some more advanced strategies informed by data we collect on the frontline. With Kroll’s help, a company can build smarter defenses, close gaps, address vulnerabilities, better safeguard sensitive data and respond to and recover from an attack more quickly. Call Kroll today for a customized ransomware protection assessment.