Ensuring Security Against Ransomware Threats

01 Jun 2020
Book your demo now >
Aviv Cohen CMO at Pentera
Back to top

Ransomware is a topic that regularly comes up when I speak to CISOs and information security leaders, understandably so as recent reports have highlighted two growing themes. Firstly, Covid-19 has resulted in an uptick in campaigns dropping ransomware and secondly, the direction has shifted to more targeted campaigns against larger organizations (both per the NTT 2020 Global Threat Intelligence Report).

There is no denying the impact a successful ransomware attack can have on an organization, not only in terms of the financial and reputation hit but also the effects of service disruption. If you consider some of the organizations across the globe that have fallen victim to ransomware, it is not difficult to understand the real-world implications a successful ransomware attack can have on customers and citizens. 

Increasingly, ransomware is one of a number of modules being dropped by other malware, such as Emotet, which was the most prevalent malware variant of 2019 (per the 2020 Cyber Security Report from Checkpoint Research). However, if it is true for Emotet, it is also true for other malware variants which use similar techniques to progress through the typical attack lifecycle, including execution, discovery, persistence, lateral movement, etc. So once initial access is gained, it becomes a question of how robust your internal security controls are against the techniques employed throughout that attack lifecycle.

How susceptible is your organization to a Ransomware attack?

The secret is to be able to test your systems for their resiliency to that family of threats and their delivery vehicles on an ongoing basis. A new Automated Penetration Testing platform, named PenTera enables just that. It uses those same emotet-like techniques in its tests and singles out controls that need configuring and vulnerabilities that need patching to stop these kinds of attacks from happening. If and when PenTera is able to reach an achievement using the non-malicious techniques, you may conclude that Emotet will also be able to reach the same achievement using malicious techniques. An example being brute forcing the local admin password (MITRE ID T1078) and using the credentials to move laterally using the Admin$ share (MITRE ID T1077).

By working through the concise and focused remediation activities you can then re-run PenTera and validate that the achievements are no longer possible. If a given technique can no longer be executed successfully using PenTera, that technique will likely no longer be available for Emotet to successfully execute, thereby pre-empting the ransomware drop.

So even if it is possible for malware to enter your network, by using PenTera to identify those techniques used by the trojan to download and execute ransomware malware, you can dramatically reduce the probability of a successful attack.

That in itself may allow you to sleep somewhat sounder than before.

Subscribe to our newsletter

Find out for yourself.

Begin your journey in security validation and see why leading companies trust us with their cybersecurity validation.

Start with a demo
Related articles

Create Stronger Passwords with These 5 Tips

Would you believe if I told you that you 81% of data breaches worldwide are caused by hacked passwords? This statistic provided by Verizon Data Brea...

Top Ingredients for a Winning Startup

“He shoots, he scores!” I still hear the sports announcer’s excitement coming across the loudspeaker -- in my high school basketball court days. ...

Comparing Cyber Warfare to Chess Strategies

In cyber warfare, like in chess, the game outcome is not determined by a single exploit (or move), but rather by a patient silent-predator strategy....