IT Risk Advisory Services
Ransomware Prevention, Detection and Recovery Services
Ransomware is malicious software (malware) used in a cyberattack to encrypt the victim’s data with an encryption key that is known only to the attacker (external threat agent), thereby rendering the data unusable until a ransom payment is made by the victim(1).
The ransom is usually paid in a crypto-currency because of the available anonymity for the external threat agent.
Key characteristics of modern ransomware (2)
- Unbreakable encryption so you can’t access the files
- File name scrambling so that you don’t know which file is which
- Demands for payment in Bitcoin because it’s untraceable
- Ransom demands with time limits
- Complex evasion techniques to bypass endpoint and perimeter protection
- Recruitment of infected PCs into a botnet to distribute malicious code
- Capability to spread instantaneously across organizational networks
- Data exfiltration techniques – extracting confidential data for use by cybercriminals
- Geographical targeting – using location-specific information, such as false IRS demands in the US, so that the threat seems more troubling
An external threat agent usually gets access to your systems via
- Social engineering/phishing
- Exploiting a vulnerability on an internet facing application or service
BRC Services for Prevention, Detection and Recovery from Ransomware
- Cybersecurity Baseline Risk and Control Assessment
- Review / Design Company IT Policies and Procedures
- Review System Hardening Standards and Settings
- Review System Access and Segregation of Duties / Privilege Management
- Review Enterprise Architecture
- Review Backup and Restore Policies and Procedures
- Cybersecurity User Training – Launch an effective awareness campaign across the organization to help keep the potential of phishing on the employee’s minds by providing recurring and visual reminders about common risks, best practices, and the importance of security to the organization.
- Create and test a comprehensive Backup and Recovery Strategy, Policy and Procedures
- Create a comprehensive Data Protection Strategy
- Review / Design an Incident Response Plan /Procedure
- Systems Vulnerability Scanning Assessment
- Wireless Communications Vulnerability Assessment
BRC has created a multi-faceted, risk-based, scalable approach to your cybersecurity concerns.
Kyle Corum Partner, CPA, CFE
Kyle Corum is a Partner with BRC and is the leader of the Firm’s Advisory Services practice, which includes a variety of different types of engagements including: Cybersecurity Due diligence for mergers and acquisitions Fraud and Forensic Investigations Agreed upon procedures Internal control reviews and analysis Outsource CFO and Controller duties Litigation support Shareholder […]
1: Ransomware Defense, Cisco Special Edition. By Lawrence Miller, CISSP. Published by John Wiley and Sons, 2017
2: Ransomware and the Limits of Conventional Protection. NSS Labs. White paper.