Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.


Kroll’s 2019 cyber casework supports global statistics: ransomware attacks on enterprises of all sizes across industry sectors are on the rise. "Worldwide, ransomware is expected to infect a business every 11 seconds and projected to cost over $20 billion in 2021" [1]. From our frontline vantage point, we know that every organization can be a victim because a successful ransomware attack is within the reach of cybercriminals everywhere.

Some threat actors are meticulous planners. They deftly map out internal networks to identify core business functions and sensitive data storage, even going so far as to research a company’s financial results to gauge how much they can afford to pay. At the other end of the spectrum, creators of “ransomware-as-a-service,” who simply ask for a percentage of the ultimate ransom, have opened the door to another class of attackers to pursue attacks with minimal risks against a wider range of targets.

Proactive Preparation Is the Best Protection Against Ransomware

While completely preventing ransomware attacks is nearly impossible, security and risk management professionals can take proactive steps to neutralize or mitigate their harm. Basic cyber hygiene remains fundamental. First, that means taking the time to accurately and regularly document the entire configuration of your network.  

 

When a local government was victimized by ransomware, it impacted the municipality’s police and fire dispatch systems, online utility payment system, centralized accounting system and many other critical segments on its network. Unfortunately, the IT director was unaware of how many servers were on the network. This lack of awareness delayed the initial remediation, especially when combined with limited viable backups for restoration.
Matthew Dunn, Associate Managing Director, Cyber Risk.

Second, data mapping inventories are more important than ever. Starting last year, many ransomware actors threatened to release stolen data to pressure victims into paying ransoms. Almost overnight, ransomware attacks morphed from mainly expensive operational disruptions to crises fraught with regulatory data privacy and breach notification issues. Knowing what kind of data you have and everywhere it is collected, used and stored is imperative.

In Kroll’s experience, six fundamental security steps can deliver immediate layers of protection from ransomware:

  • Institute least privilege policies for data/system access
  • Delete unused email addresses
  • Enforce strong password policies
  • Implement multifactor authentication
  • Create, update, segregate and protect viable backups
  • Whitelist safe applications
  • Accurately map network configurations
 

In the event that ransomware strikes, organizations should have a plan to take immediate action with six response steps that include:

  • Isolate impacted systems from other computers and servers within the network and disconnect from both wired and wireless networks.
  • Identify the infection, which sometimes is stated in the ransom note, but can also be determined from numerous open-source sites. Kroll can also help pinpoint not only the ransomware type, but any other malware and persistence mechanisms still present in your environment. 
  • Report the incident to the appropriate local law enforcement agency – e.g., in the U.S., that’d be your local FBI field office or through the FBI Internet Crime Complaint Center, the police or the national Action Fraud website for the UK, or via the ReportCyber website for Australia.
  • Think before you pay, which involves decision-making processes that should already be outlined in your incident response plan. If applicable, contact your cyber insurance carrier for any ransomware-related coverage. 
  • Retain log data! Because many log types roll off quickly, timely action is necessary to retain any potentially relevant event data for subsequent investigation.
  • Restore systems and ensure your organization has prioritized effective backup policies and protocols.

 
14 Key Security Areas of a Ransomware Protection Assessment

Kroll’s ransomware preparedness assessment aims to identify where your defenses are strong and where vulnerabilities exist that ransomware actors can exploit. Our methodology focuses on the cyber kill chain, a comprehensive examination that includes remote access configuration, phishing prevention, email and web protections, access controls, endpoint monitoring and end user awareness. At the end of our assessment, we will provide you with a prioritized, customized set of recommendations to help your organization deflect, detect or respond to a ransomware attack.

Kroll cyber experts will first focus on controls, processes and technology solutions to reduce the likelihood of ransomware-based attacks. During this step, we will:

  • Analyze relevant firewall and network device configurations for security weaknesses 
  • Review user activity logging and audit configurations to aid potential investigative efforts
  • Review network and endpoint security monitoring solutions and processes
  • Evaluate email and web filtering options and configurations to prevent phishing attacks and malicious payload delivery
  • Review access and privileged access controls and processes
  • Evaluate vulnerability and patch management controls and processes 
 

Kroll will conduct up to four remote interviews with technical teams to assess the secondary defensive measures in place to protect the organization against email-based attacks. This review will encompass:

  • Remote access controls
  • Email and web controls
  • Application whitelisting and audit controls
  • Endpoint protection controls
  • Employee awareness and training
  • Backup and audit logging controls
  • Incident response
  • Business processes related to vendor management

 

A Solid Foundation to Protect Against Ransomware

In Kroll’s experience, ransomware protection starts with fundamental security practices bolstered by customized strategies informed by what we are seeing on the frontline. With Kroll’s help, your organization can build smarter defenses, close exploitable gaps, better safeguard sensitive data, and respond to and recover from an attack more quickly. Call Kroll today for your customized ransomware protection assessment.

Source

[1] Cybersecurity Ventures, cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/, accessed 04/20/20
