Measure how effectively your organisation can protect itself against ransomware attacks and take steps to improve your defences with Rootshell Security’s Ransomware Assessment.
What is a Ransomware Assessment?
A ransomware assessment involves evaluating your organisation’s attack surface in line with the methods utilised by threat actors to deploy a ransomware attack. This could include social engineering assessments, penetration tests, vulnerability scans, and more. The aim of a ransomware assessment is to provide organisations with insight into how resilient they would be to a ransomware attack and what improvements need to be made to minimise risk.
Rootshell Security’s Ransomware Assessment
We use a blend of approaches to measure your ability to defend, detect, and respond to ransomware attacks. Your ransomware assessment is delivered in three parts, ensuring you receive a thorough and insightful test to guide your next steps.
1. Social Engineering and Perimeter Testing
Your employees’ inability to detect phishing attacks is one of the main reasons why ransomware is on the rise, so it’s essential that your personnel are suitably trained. We can perform email, text, and voice phishing assessments to test your personnel’s susceptibility to malicious correspondence, as well as assess your technical defences and perimeter mail gateways.
– Stress test technical defences and perimeter gateways
– Measure susceptibility of users to social engineering (phishing, SMiShing, and vishing)
– Measure susceptibility of users to clicking on links and opening attachments
2. Operating System and Network Testing
This stage of the ransomware assessment focuses on your organisation’s technical defences. This includes well-configured endpoint detection and response, securely patched and configured system builds, securely configured security policies, and general alignment with industry-recognised best practice.
– Audits and build reviews of nominated servers and workstations
– Detonate controlled payloads and non-sanctioned executable files on the systems
– Password policy reviews and general security best practice alignment
– User password audits
3. Public-Facing Infrastructure and Application Testing
Detecting and addressing weaknesses within your public-facing infrastructure and applications is essential to preventing ransomware attacks. Our CREST-certified testers will perform penetration tests and vulnerability scans to test for issues and potential exploitation points. We recommend that public-facing infrastructure and applications are assessed on a regular basis, as threat actors and new vulnerabilities are ever-evolving.
– Unauthenticated public-facing infrastructure assessments with false-positive reduction and manual confirmation
– Unauthenticated public-facing application assessments with false-positive reduction and manual confirmation
– We can also conduct these assessments from an authenticated perspective