Ransomware attacks affect practically every business sector and are growing in intensity. This is fuelled by an influx of new ransomware actors, the expansion of existing affiliate schemes and the pursuit of improved revenues by established cyber crime actors. The barriers to entry into ransomware operations have been lowered by Ransomware as a Service (RaaS) schemes, which means that SMEs are as much at risk from a ransomware attack as large organisations. In addition, the practice of threat actors exfiltrating sensitive data prior to encryption, and leaking it publicly, has begun trending exponentially.
We have a novel approach to ransomware readiness, leveraging Microsoft capabilities and our in-depth knowledge of threat actors and attack tactics.
Instead of relying on isolated penetration tests or security frameworks, we explicitly test your end-to-end technical resilience to the current attack tactics that ransomware operators abuse. With a resilience score per attack tactic, we are able to give you concrete insight into your overall ability to prevent a ransomware attack, and to pinpoint in detail which settings to change to become more resilient.
Our global threat intelligence team tracks, analyses, and reports on worldwide threat actors. This includes a very detailed view of the TTPs that the top ransomware groups use and of the industry-specific threat actors that are applicable to your line of business. The information position of our TI team is fed into our approach so that we can test for the latest, most real-world scenarios that we see happening as we speak.
Traditionally during a review, settings on IT systems are checked via broad policies in combination with a deep-dive on a sample of IT systems. This approach was the best trade-off between coverage and effectiveness, but it only gives real insight into a very narrow part of the IT environment. Ransomware operators take the time to search for the weakest link, which might be missed in the traditional approach. Using existing Microsoft Defender for Endpoint technology, every IT system can be queried via centralised Advanced Hunting Queries, reaching complete coverage with less effort. We developed custom Hunting Queries that check for the concrete controls that should be implemented to address the TTPs of the ransomware groups, enabling us to identify settings on the entire population of enrolled IT systems.
But technical resilience is just one part of the equation. Effective backup processes are crucial to mitigate the impact of a successful ransomware attack, and the effectiveness of your incident response determines the damage to your business. In the event of a ransomware attack, a swift and effective response can significantly limit the damage. We help you develop robust response and recovery protocols to ensure that you're prepared for such an eventuality.
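To illustrate the population-wide check described above, here is an added example of an Advanced Hunting query; it is not one of the custom queries this page refers to, which are not shown here. It assumes the `DeviceTvmSecureConfigurationAssessment` and `DeviceTvmSecureConfigurationAssessmentKB` tables are available in the tenant (they require Defender Vulnerability Management data), and the column aliases and the cap of 25 example devices are arbitrary choices.

```kusto
// Added example: rank every applicable secure-configuration control by how
// many enrolled devices fail it, so outliers are visible fleet-wide instead
// of depending on which devices happened to be in a review sample.
DeviceTvmSecureConfigurationAssessment
| where IsApplicable == true
// Keep only the most recent assessment per device and control.
| summarize arg_max(Timestamp, IsCompliant, DeviceName,
                    ConfigurationCategory, ConfigurationSubcategory)
    by DeviceId, ConfigurationId
// Per control: population size, failing devices, and a capped list of names.
| summarize Devices = dcount(DeviceId),
            NonCompliant = dcountif(DeviceId, tobool(IsCompliant) == false),
            ExampleDevices = make_set_if(DeviceName, tobool(IsCompliant) == false, 25)
    by ConfigurationId, ConfigurationCategory, ConfigurationSubcategory
| where NonCompliant > 0
// Add the human-readable control name and impact from the knowledge base.
| join kind=leftouter (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationImpact
  ) on ConfigurationId
| extend CompliancePct = round(100.0 * (Devices - NonCompliant) / Devices, 1)
| project ConfigurationName, ConfigurationCategory, ConfigurationSubcategory,
          ConfigurationImpact, Devices, NonCompliant, CompliancePct, ExampleDevices
| order by CompliancePct asc, NonCompliant desc
```

A control that is 99% compliant still lists the handful of devices that fail it, which is the weakest-link case a sampled review can miss.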
 
                            
Partner Cybersecurity, Privacy & Resilience, PwC Netherlands
Tel: +31 (0)63 086 15 22
 
                            
Partner Cybersecurity, resilience & privacy, PwC Netherlands
Tel: +31 (0)62 243 29 62
