
Ransomware Preparedness Program

Services Overview

The Secureworks Ransomware Preparedness Program offers a comprehensive examination of your defenses against ransomware attacks that includes analysis, resilience simulation, and response readiness. The program, which contains three modules, helps identify weaknesses in your security program that ransomware adversaries are likely to exploit. The program is designed to evaluate different aspects of ransomware preparedness to help you understand your level of exposure as well as evaluate and test your ability to detect and respond to a ransomware attack. Listed below are the modules and service units, followed by service methodologies and other information.

Note

Each of the modules can be purchased separately, depending on your needs and objectives.

Modules and Service Units

Module | Service Units
Ransomware Simulation | 8
Ransomware Response Readiness | Customer may choose from the following services:

Ransomware Simulation

Service Methodology

This simulation helps evaluate the potential of a ransomware attack and understand to what extent ransomware can impact your systems and networks. Unlike automated ransomware attack simulators, this simulation is performed by a skilled member of the Secureworks Adversarial Group who will mimic human-operated ransomware attack behavior. Mimicking a human-operated attack is important because Secureworks believes that the earlier you can catch adversarial activity, the greater your chance of successful eviction. In the case of ransomware, waiting until deployment/detonation is too late. Catching threat-actor activity during the recon/exploitation/lateral movement phases is key to protecting your environment from ransomware execution. This expert-led approach allows us to adjust and maneuver our tactics while emulating the pre-deployment ransomware attack scenario on your environment.

During the simulation, Secureworks will use tactics, techniques, and procedures (TTPs) commonly used during human-operated ransomware attacks to attempt to exploit security weaknesses in your environment. The core components of the Ransomware Simulation are as follows:

  • Secureworks will assess the target environment using the same TTPs as the ransomware threat actors to identify any flaws in systems, networks, and applications that can be leveraged by an attacker. Enumeration can include port/service scanning, vulnerability testing, and configuration analysis.
  • Exploitation focuses on establishing access to a system or resource by bypassing security controls in an attempt to compromise network services. The objective of this step is to identify the primary entry points into your environment and associated high-value assets at risk. Examples of techniques used during the exploitation phase may include kerberoasting, password spraying, man-in-the-middle attacks, and password hash capturing/cracking.
  • Within lateral movement and privilege escalation, Secureworks will attempt to gain widespread administrative access to your environment. Tactics used include, but are not limited to, abuse of trust relationships, Active Directory attacks, targeting backup servers, credential dumping/harvesting, and pass-the-hash.
  • Mock ransomware code execution is an optional part of the simulation. At your discretion, Secureworks can deploy a non-malicious binary to a subset of compromised systems to demonstrate code execution and exercise your defense team’s (blue team’s) ability to react to an executable deployed to multiple systems.
  • Additional services are available, such as Phishing and Active Directory Security Assessment.

Outcome

After completion of the simulation, Secureworks will provide a Final Report containing primary findings and recommendations identified during the simulation. The report will contain details about the simulation along with security recommendations to help reduce the risk of a real-world ransomware attack or other large-scale compromise.

Ransomware Response Readiness

Service Methodology

In the event a ransomware attack is identified, every second counts. Timely and effective response to a ransomware threat requires organizations to think ahead, anticipate, and take proactive steps in preparing for an incident. Secureworks recognizes that preparation starts with planning and documentation, and it continues to a Tabletop Exercise. Because different organizations have different needs, our consultants will work with you to identify the most appropriate path to maximize your readiness to respond to a ransomware attack. Secureworks offers the readiness services listed below to help you prepare and be ready to respond to ransomware attacks. You select one or more of the services depending on your needs and objectives. Access each page to learn more about each service, including methodology, outcomes, and the specific number of service units required.

Scheduling and Booking Information

See Service Scheduling for information about scheduling any of these services.

 
