Ransomware Threat Response

Ransomware has become the method of choice for criminal hacking groups to quickly monetize a compromised organization. By deploying a ransomware payload, the attacker cuts out the middleman, eliminating the need to sell stolen data, such as identities or credit card information, on the underground market. With ransomware, their (potential) payoff comes directly from the source. Ransomware attacks were reportedly up 50% in 2016 from 2015, making ransomware a billion-dollar industry. The attacks continue to grow in 2017, with high-profile organizations being extorted by ransomware that holds their IP hostage.

Ransomware is most often deployed through spear-phishing attacks. Recent attacks have also used worm-like propagation techniques that exploit unpatched software and operating systems to spread. Organizations should be employing many fundamental network security elements and best practices to address vulnerable systems and protect their networks. But with the increasing prevalence of ransomware, we are hearing common themes from prospects and clients:

  • I’m afraid it’s going to happen to us.
  • Maybe we’ve been exploited and the payload hasn’t been launched.
  • Has it happened and we don’t know? Or is there residual risk?

Ransomware Prevention and Recovery Services

  • Ongoing scanning services – a component of a vulnerability assessment program that notifies you when a scan finds out-of-date or unpatched software on your system.
  • Network architecture review – a cyber engineering service that can evaluate and optimize or redesign and build your network to be more resilient to ransomware attacks.
  • Paying the ransom – if you’re compromised, do you know how to obtain Bitcoin or set up a paying server on the dark web? If your risk management process points to paying a ransom, we can assist in this effort.
  • Root cause analysis – digital forensics services can evaluate your environment to identify how your organization was compromised and provide remediation guidance or services to remove the identified vulnerability or vulnerabilities.
  • Threat hunt operations – we can evaluate your network for hidden threats, such as ransomware that hasn’t executed yet, or for other indicators of compromise and the presence of other malware.
  • Training and awareness programs – training your staff to recognize social engineering / phishing attacks.

These services can be contracted independently or all together to evaluate your system for vulnerabilities, indicators of compromise or hidden malware waiting to execute.