Ransomware Resilience

Ransomware resilience rethought

Ransomware attacks affect practically every business sector and are growing in intensity. This is fuelled by an influx of new ransomware actors, the expansion of existing affiliate schemes and the pursuit of improved revenues by established cyber crime actors. Ransomware-as-a-Service (RaaS) schemes have lowered the barriers to entry into ransomware operations, which means that SMEs are as much at risk from a ransomware attack as large organisations. In addition, the practice of threat actors exfiltrating sensitive data prior to encryption, and leaking it publicly, has begun to grow exponentially.

We have a novel approach to ransomware readiness, leveraging Microsoft capabilities and our in-depth knowledge of threat actors and attack tactics.

Ransomware resilience insights based on the actual tactics, techniques and procedures (TTPs) threat actors abuse in the wild

Instead of relying on isolated penetration tests or security frameworks, we explicitly test your end-to-end technical resilience to the current attack tactics ransomware operators abuse. With a resilience score per attack tactic, we can give you concrete insight into your overall ability to prevent a ransomware attack, and also pinpoint in detail which settings to change to become more resilient.

 

Our industry-leading threat intelligence team ingests the latest attack tactics ransomware operators use

Our global threat intelligence team tracks, analyses, and reports on worldwide threat actors. This includes a very detailed view of the TTPs that the top ransomware groups use, and of industry-specific threat actors that are applicable to your specific line of business. The information position of our TI team is fed into our approach so that we can test for the latest, most real-world scenarios that we see happening as we speak.

We leverage Microsoft capabilities to give a unique, complete view of the status of all your devices in the network

Traditionally during a review, settings on IT systems are checked via broad policies in combination with a deep-dive on a sample of IT systems. This approach was the best choice in coverage versus effectiveness, but only gives real insight into a very narrow part of the IT environment. Ransomware operators take the time to search for the weakest link, which might be missed in the traditional approach. Using existing Microsoft Defender for Endpoint technology, every IT system can be queried via centralised Advanced Hunting Queries, reaching complete coverage with less effort. We developed custom Hunting Queries that check for the concrete controls that should be implemented to address the TTPs of the ransomware groups, enabling us to identify settings on the entire population of enrolled IT systems.

Looking beyond only technical resilience: building robust response and recovery capabilities

But technical resilience is just one part of the equation. Effective backup processes are crucial to mitigate the impact of a successful ransomware attack, and incident response effectiveness determines the damage to your business. In the event of a ransomware attack, a swift and effective response can significantly limit the damage. We help you develop robust response and recovery protocols to ensure that you're prepared for such an eventuality.

Do you want to learn more about Ransomware Resilience?

Contact us

Angeli Hoekstra


Partner Cybersecurity, Privacy & Resilience, PwC Netherlands

Tel: +31 (0)63 086 15 22

Bram van Tiel


Partner Cybersecurity, resilience & privacy, PwC Netherlands

Tel: +31 (0)62 243 29 62

Mimoent Haddouti


Cybersecurity Partner, PwC Netherlands
