Ransomware: Develop and Test your Response Strategy Using Simulation

In this blog I want to take a look at simulating a ransomware attack and how you would go about developing and testing a response strategy. I’ve already covered the basics of a ransomware attack in this blog article: https://elasticito.com/ransomware-do-you-have-a-tried-and-tested-strategy-in-place/

The object of this exercise is twofold:

- Maintain business continuity – in other words, a ransomware attack should cause little to no disruption to business;
- Contain and eliminate the attack quickly with minimal effort.

Throughout this blog I am going to focus on behaviour rather than specific IoCs. Please also note that the information provided here is a high-level guide, not an exhaustive task list, and is focused on the endpoint only. In a future blog post I will cover network security controls. While User Awareness Training is recommended, it hasn’t been included as part of validating security controls.
Ransomware: Do you have a tried and tested strategy in place?

With the recent Garmin outage that is still ongoing, which has allegedly been caused by a ransomware attack, a large number of executives are going to be asking tough questions about how ransomware could impact their own organisations, as there is a good chance that this outage has had a direct effect on their daily lives.

TL;DR – Ransomware attacks are preventable; however, organisations need to have a tried and tested strategy in place to prevent these attacks. Breach and Attack Simulation provides the visibility needed to develop and test a ransomware prevention strategy.

While my intention with this article is not to speculate on the Garmin outage specifically, the points below are factors that YOUR business should consider as important attributes of your Cyber Incident Response Protocol.

Due to a lack of transparent communication with their clients