Have you tested your security strategy against a Ransomware scenario?

Testing your security strategy against a ransomware scenario can reinforce your cybersecurity in several ways. It can help you identify any shortcomings in your technology and process and serve as a training environment for your incident response team. Ultimately, testing your security strategy assures you that your organisation is ready should a ransomware attack occur. 

Test Scenarios

The first step in testing your defences against ransomware is to prepare various scenarios. Typically, a ransomware attack follows a strategic approach. You must build and test procedures for each phase from infection and dissemination to extraction and detonation.

Infection Scenarios

During the infection phase, cybercriminals try to infect your network with ransomware using various tactics. Phishing, attacks on weak authentication, and exploiting system vulnerabilities are the most common methods.

Testing Phishing Defences

With an estimated 65% of ransomware delivered via phishing, testing your security against this type of attack must form a core part of your strategy. As these campaigns typically target end-users via email, you need to assess your email and web filtering capabilities as well as your staff’s security awareness. An excellent way to test these defences is to create and launch a fake phishing attack. Many tools help with these types of simulations, providing detailed reports that illustrate your security effectiveness.

Testing Weak Authentication

Another known method criminals use to gain unauthorised access to a victim’s environment is weak authentication. Unfortunately, for many systems, the traditional username and password combination remains the only access control mechanism. The challenge with passwords is that people reuse the same one or choose one that is easy to guess. Using tools with lists containing millions of known or compromised passwords, criminals launch automated attacks until they find a valid credential. You can test your defences against these types of attacks by using the same tools and techniques. Password lists and automation tools are freely available on the Internet, and many security vendors offer these as part of their product suites.

Testing System Vulnerabilities

Exploiting known system vulnerabilities is another attack criminals leverage to infect an environment with ransomware. Using automated tools, they scan systems and applications looking for weaknesses they can abuse. Ensuring you update your technology stack with the latest security upgrades and patches is the best defence against this type of attack. The optimum way to test for any weaknesses is to utilise one of many vulnerability testing and assessment solutions. These tools search your systems and applications for known vulnerabilities, providing detailed reports and remediation actions.

Dissemination Scenarios

If a criminal succeeds in infecting a device with ransomware, their next step is to try to use the foothold to infect the rest of your network. Typically, they leverage system and network vulnerabilities or take advantage of weak access controls and inadequate network security.

Testing System Vulnerabilities

Running the same vulnerability scanning tools on your internal network as you did on your external-facing systems can help you identify any weaknesses. These tools can also recognise any weak security settings that an attacker may leverage to spread the ransomware infection.

Testing for Inadequate Network Security

Testing for inadequate network security requires an offensive approach. A network security assessment typically starts with an inventory of your resources and their information value. Once you have a scope, you can use automated tools and scripts to test access control strength. You can then document the findings and implement any remediation actions.

Extraction Scenarios

Ransomware is a lucrative business for criminals. As their business model is to maximise the profit from each campaign, they adapt their tactics accordingly. Because they can demand a second ransom if they hold a copy of the victim’s data, a recent tactic involves extracting the data before encrypting it. The best defence against this type of attack is implementing a Data Leakage Prevention (DLP) solution.

Testing Data Leakage Prevention

A DLP solution uses a set of policies and actions that monitor data leaving an organisation. It checks email, attachments, and even uploaded files for sensitive information. If the file or email contains flagged data, the DLP solution then either alerts the administrator or blocks the action. Since this security platform monitors all data leaving an organisation, you can also configure a policy to block or alert if it detects a large volume of information.
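The two policy types described above (a content rule that blocks and a volume rule that alerts) can be exercised by replaying test events through the policy and checking the decisions. The following is an added example, not code from the article or from any DLP product; the thresholds, patterns, user names and events are all constructed for illustration.

```python
import re
from collections import defaultdict, namedtuple

# Constructed policy values for illustration; tune to your own data and baselines.
VOLUME_LIMIT = 500 * 1024 * 1024      # bytes per user per window
WINDOW = 3600                         # seconds
CONTENT_RULES = {
    "classification": re.compile(r"\b(PROTECTED|CONFIDENTIAL)\b"),
    "card_like": re.compile(r"\b(?:\d{4}[ -]){3}\d{4}\b"),
}

Event = namedtuple("Event", "ts user channel size text")
MB = 1024 * 1024

# Constructed outbound events: one benign mail, one flagged mail, one bulk upload run.
TEST_EVENTS = [
    Event(0, "alice", "email", 2_000, "Quarterly newsletter attached"),
    Event(60, "bob", "upload", 200 * MB, "archive part 1"),
    Event(600, "bob", "upload", 200 * MB, "archive part 2"),
    Event(1200, "bob", "upload", 200 * MB, "archive part 3"),
    Event(1500, "carol", "email", 10_000, "Classification: PROTECTED budget papers"),
    Event(5000, "bob", "upload", 200 * MB, "archive part 4"),
]

def evaluate(events):
    """Return (ts, user, action, reason) for every event the policy acts on."""
    decisions, sent = [], defaultdict(list)   # sent: user -> [(ts, size)]
    for ev in sorted(events, key=lambda e: e.ts):
        hits = [name for name, rx in CONTENT_RULES.items() if rx.search(ev.text)]
        if hits:
            # Blocked data never leaves, so it is not counted towards volume.
            decisions.append((ev.ts, ev.user, "block", "content:" + ",".join(hits)))
            continue
        recent = [(t, s) for t, s in sent[ev.user] if ev.ts - t < WINDOW]
        recent.append((ev.ts, ev.size))
        sent[ev.user] = recent
        total = sum(s for _, s in recent)
        if total > VOLUME_LIMIT:
            decisions.append((ev.ts, ev.user, "alert", f"volume:{total}"))
    return decisions

if __name__ == "__main__":
    for decision in evaluate(TEST_EVENTS):
        print(decision)
```

The fourth upload from bob falls outside the one-hour window and raises no alert, which is the gap a slow, staged extraction would use; a real test plan should include that case.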

Detonation Scenarios

The final step in a ransomware campaign is detonation. During this phase, the attacker executes the malicious payload of the malware, encrypting all data. Restoring data from a backup is the best and last defence against ransomware. However, criminals, realising that organisations use this fallback position, have adapted their tactics. They seek out and attack backups first, so the victim has no option but to pay the ransom or lose their data forever.

Testing Backups

Regularly testing your backups must form part of your data protection strategy. It proves the technology, helps identify any data missing from backups and sets baselines for recovery times. However, since ransomware now targets backups, you must adapt your testing accordingly. Immutable backups are the last line of defence against ransomware. As no one can alter or delete the data, they are an effective defence against an advanced attack. During your security testing, you must test the immutability of your backups. Ideally, no one, not even an administrator, should be able to alter or delete any data.
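One way to test immutability as described above is to write a disposable canary file to the backup target and then attempt every kind of change against it, running the check under an administrator account. This is an added example, not code from the article; it assumes the backup repository is reachable as a filesystem path, and the function names are hypothetical.

```python
import os

def probe_immutability(canary_path):
    """Attempt each destructive operation on a canary; return {operation: allowed}."""
    if not os.path.isfile(canary_path):
        # A missing canary would make every attempt fail and look like a pass.
        raise FileNotFoundError(canary_path)
    moved = canary_path + ".moved"

    def append():
        with open(canary_path, "ab") as f:
            f.write(b"tamper")

    def truncate():
        with open(canary_path, "r+b") as f:
            f.truncate(0)

    def rename():
        os.rename(canary_path, moved)
        os.rename(moved, canary_path)   # put it back for the next attempt

    def delete():
        os.remove(canary_path)

    results = {}
    for name, operation in (("append", append), ("truncate", truncate),
                            ("rename", rename), ("delete", delete)):
        try:
            operation()
            results[name] = True       # the storage allowed the change: a finding
        except OSError:
            results[name] = False      # the storage refused, as immutability requires
    return results

def is_immutable(results):
    """The backup target passes only if every operation was refused."""
    return not any(results.values())
```

Point it only at a canary created for the test, never at a real backup, because on storage that is not immutable the probe destroys the file.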

Implementing a Security Testing Strategy

Cybersecurity is vital to any organisation that leverages systems or applications. A security strategy must include regular testing. As an attack could occur at any time, continuous monitoring is also vital. The best way to test your defences against ransomware is to think like a criminal. By simulating the tactics they use, you can identify any weaknesses and remediate them before an actual attack occurs.

To support organisations as they plan for this evolving threat environment, AUCloud have published a white paper, “How confident are you that you can recover from a ransomware attack”. It has been written for a government and critical national industry audience who need to incorporate Sovereign Data requirements into their ransomware mitigation strategies.


AUCloud: Keeping the data of Australians in Australia