Ransomware Protection Kit

Ransomware Protection

Preparing for the "Not if it occurs, but when it occurs" scenario

Ransomware is a cyber threat that doesn't discriminate. Regardless of business size, and whether your organisation is in healthcare, government, finance, manufacturing, or retail, you're vulnerable to ransomware.

Traditional cybersecurity services such as penetration testing aren't looking for vulnerabilities to ransomware, and there isn't a "one size fits all", or "install this software" fix. This specialised service helps organisations to understand where and how they're at risk, what controls, remediations, and mitigations need to be in place, and most importantly provides your team with an education-based approach as to why the recommended measures need to be implemented.

Find The Weak Points

This service begins with an analysis and assessment of your environment against the mechanisms through which ransomware gets in, as well as the damage it could do once it's active. We work with you and your specific systems to determine what measures need to be in place to prevent ransomware attacks, and what recovery and response plans are needed.

Depending on your level of risk based on industry factors, as well as a desired level of control implementation, this service offers multiple levels of control testing depth, simulated phishing, and optional incident response exercises.

Ransomware vulnerabilities are like the Swiss cheese of information security. Resiliency requires understanding what needs to be in place, and where. It provides an answer to the question "Can your organisation effectively stop ransomware?"

Become Resilient

The outcome of the ransomware protection service shows you how susceptible your organisation is to an attack, what controls are or are not in place, and compares what's needed to prevent an attack with what your organisation has already. The end goal is resilience against ransomware, increased ability to recover from cyber intrusions, and an increased level of cybersecurity maturity.

Security Centric will provide a recommended remediation and mitigation pathway to specifically protect against ransomware, depending on the depth of detail required for your organisation, as determined by your goals and risk level. These recommendations can either be implemented by your internal IT team, or the security engineers at Security Centric can provide that service too.

 

Ransomware FAQs

What is ransomware?

Ransomware is a form of malware - malicious software - which once activated encrypts the victim's system. It can affect a single PC, or an entire network, depending upon how securely configured your infrastructure is. 

Once the ransomware has a hold of your infrastructure, if there is no redundancy in place, you have few options left for recovering your system. Options include paying the ransom, or hoping there is a decryption key freely available.

No one is safe from a ransomware attack, but having any weak spots in your infrastructure and processes identified and remediated or mitigated, as well as having a response and recovery plan can help minimise the disruption and cost to your business. 

In a move that is becoming more frequent, organisations affected by a ransomware attack become vulnerable to secondary requests for ransoms, as malicious actors threaten to sell or reveal sensitive financial and customer data.

What is the cost of a ransomware attack?

Ransoms demanded by malicious actors post attack can vary greatly. You've probably heard that numbers can run into the millions, with attacks like those on Garmin and Lion being key examples of this.

A recent report by Datto (2020) indicates that the average cost of a ransom is generally much lower than the ones we've seen from Garmin and Lion; however, the real cost to a business comes from the cost of business downtime.

The cost of business downtime to recover, decrypt, and the combined cost of loss of trade is nearly 50 times greater than the ransom cost. The average business downtime cost in Asia Pacific in 2020 was $257,000 (USD). 

What types of organisations are most at risk of ransomware attacks?

Ransomware doesn't discriminate and attacks aren't specific to a particular industry. Everyone is at risk of a ransomware attack, and it's a common saying in cyber security circles that "it's not a case of if, it's a case of when".

Can't I just install some antivirus and a firewall?

We wish it was that easy. While an antivirus and a firewall are a great start to protecting against any malicious cyber attacks, there are multiple ways that ransomware can get into and get a hold of your system. 

Specific to ransomware attacks, there is also the question of "Once it's there, how much damage can it do?". This is where a multi-pronged approach to security comes into play: "prevention plus response and resiliency".

Information security touches everything from having the antivirus and firewall, through to proper configuration of them, to awareness, training, and policy, to securing infrastructure and web-facing applications. We refer to this as an "attack surface", and what needs to be done to secure your environment is specific to you.

The great news is that here at Security Centric our goal is to simplify the understanding and fixing of this as much as possible. We don't just want to tell you what you need to do, we want you to understand why it's important and how it's going to help keep your organisation secure. 

Recent ransomware attack examples

November 2020: Legal services firm Law in Order was hit by what's becoming commonly known as a "double ransom", where the data stolen during the initial attack is then used to threaten the organisation for additional payments. 

Type: Netwalker Ransomware | Ransom Cost: Unknown

October 2020: Barnes & Noble booksellers were targeted by ransomware which compromised customer names, billing and shipping addresses, emails, and telephone numbers. It also affected their online and in-store operations including their ability to process payments. 

Type: Egregor Ransomware | Ransom Cost: Unknown

September 2020: Tyler Technologies, the largest software company in North America dealing with the public sector, paid a ransom for a decryption key to recover their files. 

Type: RansomExx | Ransom Cost: Unknown

August 2020: Garmin electronics - best known for their GPS and fitness tracking devices, but whose technology is also used in aviation - reportedly paid $10m to ransomware hackers. By many accounts the majority of their systems were rendered useless. 

Type: WastedLocker | Ransom Cost: $10m

June 2020: Lion Australia, the beverage giant, was hit by multiple cyber attacks that included ransomware, after which the hackers threatened to publish or auction company data on the dark web.

Type: REvil | Ransom Cost: $1.16m 

 

Additional resources

Looking for additional actionable resources to further understand ransomware and the risks (and what you can do about it) to your organisation?

Recent regulatory news and updates as they relate to ransomware in Australia: Regulating Ransomware Payment Reporting: What do you need to know?

A summary of risks (including ransomware) posed to different industries and recommendations from the most recent Verizon DBIR: Actionable Insights from the 2021 Verizon DBIR

A report summary of ransomware threats from 2020: Ransomware 2020: Costs, Risks, and Realities.
