Ransomware Defense Assessment

415 min
Cyber security data protection business technology privacy concept. RANSOMWARE 3d illustration

Why FireEye Mandiant

FireEye Mandiant has been at the forefront of cyber security and cyber threat intelligence since 2004. Our incident responders are on the frontlines of the most complex breaches worldwide. We have a deep understanding of threat actors and their rapidly changing tactics, techniques and procedures (TTPs) by leveraging our combined adversary, machine and victim intelligence sources.

The Ransomware Defense Assessment was developed based on extensive experience responding to and remediating ransomware incidents and gathering threat intelligence on emerging and evolving ransomware.

Overview

The FireEye Mandiant Ransomware Defense Assessment evaluates the effectiveness of an organization’s ability to prevent, detect, contain and remediate a ransomware attack. Mandiant experts assess technical and non- technical elements of your security program to determine how your team will respond to a ransomware attack.

Mandiant experts evaluate the technical impact a ransomware attack could have on your internal network, discover what data could be jeopardized or lost and test the strengths and weaknesses of your security controls’ ability to detect and respond to a ransomware attack.

Methodology

The Ransomware Defense Assessment includes documentation review, logging configuration analysis, deep-dive workshops, and real-world ransomware attack behavior simulations.

 

DATA SHEET | FIREEYE MANDIANT RANSOMWARE DEFENSE ASSESSMENT

 

The Ransomware Defense Assessment focuses on four core ransomware competencies:

  • Security architecture. The security technologies, controls and networks required to defend against a ransomware attack and continue business
  • The capacities of an organization to quickly respond to and contain a ransomware attack.
  • Internal and external communications processes used to deliver corporate messages to key stakeholders. Includes coordination with cyber insurance and legal counsel.
  • The processes and approach to remediate or recover from a ransomware attack.

Our simulations of real-world ransomware attack behavior:

  • Scan for Windows vulnerabilities exploited by ransomware
  • Scan for accessible file shares which could be accessed by ransomware
  • Simulate lateral movement of ransomware by attempting to exploit discovered vulnerabilities or re-use harvested credentials
  • Test segmentation between networks to determine if ransomware can spread to other environments, such as:
    • Manufacturing and plant networks
    • Backup infrastructure networks
    • Retail networks
    • Other secure networks

 

  • Simulate ransomware encryption behavior by using a custom, non-destructive ransomware emulation tool to mimic mass file encryption
  • Perform techniques used by threat actors to deploy ransomware

 

Duration and Deliverables

The Ransomware Defense Assessment typically takes one week. It can be delivered on-premise or remotely.

After the engagement, Mandiant provides a report that includes:

  • Executive summary with strengths and areas for improvement
  • Technical information about the testing process
  • Detailed findings, categorized by severity
  • Executive briefing

Leave a Reply

Your email address will not be published. Required fields are marked *