
How Ready Are You for a Ransomware Attack?
2021-08-19 21:13

There are four steps to analyzing how prepared you are for a ransomware attack.

Such analysis roughly breaks down as follows: how easy is it to break into your environment in the first place; given an initial toehold, how difficult is it for an attacker to escalate privilege, move laterally and get access to data and systems critical to your business; do you have a handle on data that would warrant a substantial ransom to prevent public disclosure, and how easy would it be to exfiltrate large amounts of data from your environment without detection; and how confident are you of your ability to quickly restore your environment from backups?

This is not like a targeted attack being carried out by a nation-state where there is great motivation on the part of the attacker to specifically attack you.

This phase of the attack often requires some manual control, so identifying and disrupting command and control channels can pay significant dividends - but realize that only the least sophisticated attacker will reuse the same domains and IPs of a previous attack.

One of the means of determining how easy this form of lateral movement is in your environment is to run a tool like BloodHound to visualize the possible attack paths leading to these targets.

The further left you move in the timeline of the attack, the more you will have to rely on aggregating several weaker signals into one stronger one to identify a possible ransomware attack.
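
One way to aggregate weak signals per host, shown as an added example that is not from the article. The signal names, confidence values, 24-hour window, alert threshold and the noisy-OR combination rule are all assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed confidence that each signal alone indicates an intrusion.
# Names and values are illustrative, not taken from the article.
SIGNAL_CONFIDENCE = {
    "rare_domain_beacon": 0.30,       # possible command and control
    "new_admin_group_member": 0.35,   # privilege escalation
    "smb_fanout": 0.30,               # lateral movement
    "large_outbound_transfer": 0.40,  # exfiltration
    "backup_job_disabled": 0.45,      # recovery sabotage
}
WINDOW = timedelta(hours=24)   # assumed correlation window
ALERT_THRESHOLD = 0.75         # assumed alerting threshold

def noisy_or(confidences):
    """Chance that at least one signal is a true positive (assumes independence)."""
    miss = 1.0
    for p in confidences:
        miss *= 1.0 - p
    return 1.0 - miss

def score_hosts(events, now):
    """Return {host: (score, sorted distinct signals)} for events inside WINDOW."""
    seen = defaultdict(set)
    for ts, host, signal in events:
        if signal in SIGNAL_CONFIDENCE and timedelta(0) <= now - ts <= WINDOW:
            seen[host].add(signal)  # a repeated signal counts once
    return {h: (noisy_or(SIGNAL_CONFIDENCE[s] for s in sigs), sorted(sigs))
            for h, sigs in seen.items()}

def alerts(events, now):
    """Hosts whose combined score reaches the threshold."""
    scores = score_hosts(events, now)
    return sorted(h for h, (score, _) in scores.items() if score >= ALERT_THRESHOLD)

# Constructed sample events: (timestamp, host, signal).
NOW = datetime(2021, 8, 19, 21, 0)
EVENTS = [
    (NOW - timedelta(hours=20), "ws-014", "rare_domain_beacon"),
    (NOW - timedelta(hours=9), "ws-014", "new_admin_group_member"),
    (NOW - timedelta(hours=8), "ws-014", "smb_fanout"),
    (NOW - timedelta(hours=2), "ws-014", "large_outbound_transfer"),
    (NOW - timedelta(hours=5), "ws-101", "rare_domain_beacon"),
    (NOW - timedelta(hours=4), "ws-101", "rare_domain_beacon"),  # repeat, no extra weight
    (NOW - timedelta(hours=30), "fs-002", "backup_job_disabled"),  # outside the window
    (NOW - timedelta(hours=1), "fs-002", "large_outbound_transfer"),
]

if __name__ == "__main__":
    print(alerts(EVENTS, NOW))
```

No single signal here crosses the threshold on its own; only the host showing four distinct signals within the window is flagged.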


News URL

https://threatpost.com/how-ready-ransomware-attack/168837/