Ransomware: malware that uses encryption to deny access to a user’s data until a ransom is paid. While the definition is simple enough, the consequences of this type of cyberattack always warrant further investigation. When businesses fall victim to ransomware, they can no longer do business, let alone recover from the loss of information, valuable data, and peace of mind.
Here at Tetra Defense, the ransomware cases we respond to and investigate daily shed light on the industry that thrives in the darkest corners of the internet. We’ve seen attacks on universities, financial organizations, fellow IT professionals, municipalities, maritime navigation companies, and even farms.
As our team helps organizations of all sizes and industries respond to and recover from these attacks, we frequently encounter a recurring theme: there are simple, and oftentimes inexpensive, preventative measures that can be taken before disaster strikes.
The very nature of these ransomware organizations relies on a shroud of distortion that covers their tracks from beginning to end. The common misconception is that ransomware is a single-event occurrence: a malicious email attachment executed, or a nefarious website link clicked. That’s usually not the case. What we see is that once attackers get in, they linger, sometimes for months, to find the most important data and services in the environment before making their presence known. As organizations across all industries fall victim to ransomware, as insurance companies develop new and appropriate policies, and as cyber professionals work round the clock on cases, we knew we needed to build a tool to make organizations stronger.
The Ransomware Stress Test, est. 2019
Thus began the development of our Ransomware Stress Test (RST). We quickly established our goals for creating RST:
- Ensure the tool remains free to use and is accessible to as many organizations as possible.
- Help businesses understand how susceptible they are to ransomware in an understandable way.
- Share valuable information to guide them through the process of remediation and the improvement of their information security posture.
We knew we wanted to build an in-depth resource that combined our behind-the-scenes incident response work and our decades of information security experience. While our IR team helps organizations respond to ransomware attacks on a daily basis, our Cyber Risk Management team compiles that insight and translates it into actionable items organizations can implement to protect themselves.
Team members from every division – leadership, digital forensics and incident response, cyber risk management, software development – sat down and posed a simple question: How can an organization protect itself from ransomware? From there it was off to the races. We quickly identified a list of things that would make the organization either less likely to be attacked, or less likely to let the attacker get a ‘foot in the door’ and eventually deploy their ransomware. As we dove in further, we noticed a series of patterns in threat actor methodology and common indicators of compromise.
From those very patterns, and from the existing framework of the Center for Internet Security, we created an in-depth assessment focused specifically on reducing the risk of ransomware. We leveraged the experience of our incident response team to write clear, actionable explanations of how certain areas can be exploited, how to remediate, and suggestions for trusted tools.
We knew we wanted to provide far more than written content – as we developed the assessment itself, we created associated tasks to guide organizations through remediation, explanation videos from our CISO, interactive scoring, and so on. We also prioritized certain findings based on how often we see them exploited to show users which areas they need to tackle first.
Too Good Not to Share
Once we had the questions, framework, and lists, what would we do with them? In alignment with our mission to make cybersecurity accessible and keep it a high priority for businesses, we decided to offer the tool for free. The risks are too great to put a tool like this behind a locked, pay-to-access door. We wanted to build a tool that could benefit all organizations, no matter their budgets or personnel resources. Knowing what to do to protect yourself is one thing; knowing how to do it as part of a larger information security program can be harder. As the threat landscape evolves, so does RST. Our team works to keep the assessment and the remediation resources current and reflective of the exploits our IR teams navigate.
Ransomware continues to be a crime with many actors, many misused tools, and countless ethical implications to unpack. While the appropriate response to attacks varies case by case, preventative measures can be applied across the board and offer protection to avoid ransomware in the first place.
Here at Tetra, we pride ourselves on offering our clients protection and cybersecurity support from all possible sides. We offer both proactive and reactive services, and even our free tools reflect the valuable insights the two worlds share. Our skilled team is made up of former FBI agents, CISOs from healthcare, former law enforcement investigators, white-hat hackers, and enterprise IT administrators – a vast range of experience and expertise available in everything we offer.
The threat landscape changes constantly, but our approach to security remains steadfast. To keep you informed, our upcoming posts will dive into 8 areas of information security covered within RST. We will explain why each section is particularly important, and of course, how you can protect yourself.