Ransomware

What Is It?

Ransomware is a form of malware that threat actors use to deny an organisation access to their files and computer systems. This access denial is typically achieved through encrypting files or entire storage disks, with the decryption password or key only being offered after a ransom has been paid to the threat actor, typically via cryptocurrency.

Why Assess It?

There are many reasons to conduct a ransomware security assessment, five of which are below.

Pre-Emptive Action

It is far better to learn about the risks your organisation faces from ransomware and have the time to remediate them than to learn of the vulnerabilities utilised and be left trying to reverse engineer the threat actors code used to encrypt your data, which often is not technically feasible.

Validate Resilience

A ransomware security assessment allows your organisation to validate your incidence response and disaster recovery capability, in a risk free environment followed by an opportunity to improve any areas deemed necessary.

Organisation Wide Viewpoint

Ransomware targets your organisation, not a specific website or service exposed. A ransomware security assessment allows you to look at your organisation as a whole, with a specific focus on ensuring that the likelihood of the deployment of ransomware is reduced but also more importantly that it is unable to take hold and severely restrict your organisations operations.

Refine Policies and Procedures

Policies and procedures are effective tools to regain focus in an adverse security event. These can be refined measurably through conducting a ransomware security assessment, as when a procedure is executed in a real world scenario there are often lessons identified that can be fed back into the policies and procedures.

Threat Actor Insight

Through a ransomware security assessment you will be able to see how a threat actor would gain an initial foothold and their tools tactics and procedures in order to place themselves with suitable access to deploy ransomware and then technically how it would be deployed. The greater understand your organisation has, the more robust its defences can be made to be.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your ransomware security assessment and we do this by:

Safe and Controlled

Ransomware can have devastating consequences. We focus on executing objectives in a way which does not impede your organisation, such as demonstrating code execution that conducts the same read and write behaviour that ransomware would but without the irreversible encryption of data.

Multi-Faceted

Our assessment is not solely conducted from a technical basis. We believe there is more value in working with your teams and obtaining both a deeper understanding of how a ransomware attack would work against your organisation as well as sharing our knowledge at every opportunity.

Open Source Intelligence

To understand the threat your organisation faces from a threat actor, we need to look at your organisation the same way. We conduct open source intelligence gathering activities on your organisation to identify areas of weakness that you may not be aware of.

Preparing for the Worst

We work on the basis that a security compromise is a matter of when and not if so that you always have the most protection to keep your organisation functioning. Part of our focus in the assessment is to ensure you have an ability to rebuild any lost infrastructure efficiently and reliably whilst ensuring sensitive systems are compartmentalised to reduce the effects of a ransomware deployment.

Knowledge Sharing

Ransomware deployment is a serious impedance on your organisation but it is only one objective a threat actor could pursue after gaining an additional foothold. We want to uplift your whole security capability so add additional value by showcasing the wider threat actor viewpoint and how other attacks can be mitigated at the same time as the ransomware threat.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. An example is rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisations position and risk posture thus enabling us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial, we do not sell you products or the latest buzzword laden trending solution.

Outstanding Service

We have an industry leading turnaround, agility is in our name after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.

Scroll to Top