
Ransomware Readiness

Many ransomware readiness assessment (RRA) services on the market are compliance and auditor driven. There’s nothing wrong with that and it may be required in some situations.

Our RRAs are technical assessments, born of our DFIR experience responding to many ransomware cases. We conduct real-world attacks that include:

  • Initial access via external attacks. Can we gain access to your internal network from the external perimeter? This includes attacking your remote access solution and attempting password spraying against your end users.
  • Professional-grade spear-phishing for initial access. This isn’t KnowBe4 or Microsoft’s attack simulation tool, and there is no whitelisting.
  • Endpoint resilience to a large volume of diverse attack payloads. We measure where your strengths and weaknesses are and can help you write custom detection rules to fill any gaps.
  • Backup architecture review. This is a technical discussion to verify that your backup architecture doesn’t make it possible for criminals to permanently deny you access to your data.
  • Identity attacks. If you’re using Active Directory, Okta, JumpCloud, or some other identity and directory service, we’ll work hard to compromise it.
  • Network segmentation architecture review. This is a technical discussion to verify segmentation is in place and is effective.
  • Ransomware simulation drill. We run neutered ransomware on an endpoint that triggers TTPs classified as ransomware behaviour. This is a blind test that verifies your detections are effective and measures your response time and procedures.

All project components are delivered by senior, experienced Red Team members closely familiar with modern ransomware groups’ tactics.

You’ll receive a report detailing how you did; it documents any gaps and how we recommend addressing them. In many cases, we can assist in correcting issues or introduce you to someone who can.

This service can be tailored. Some clients already know their gaps and benefit more from us focusing on hardening and improving detections. In these cases, we bring in members from our Red Team and MDR team to implement hardening and develop detections, while the Red Team launches attacks to validate that the hardening is effective.