Ransomware Simulation

Attack is the secret of defense; defense is the planning of an attack.
– Sun Tzu, The Art of War

Ransomware has gained much notoriety in recent times. Locky, WannaCry, Petya and others have largely contributed to making ransomware attacks mainstream knowledge. However, in spite of such heightened awareness about the prevalence of ransomware, many employees in organizations remain unaware of its actual impact.

At Network Intelligence, we regularly conduct spear-phishing campaigns for our customers, who use our services to simulate real-world phishing attacks against their employees. This gives employees controlled exposure to being the victim of a phishing attack. Lessons learnt in such circumstances tend to remain with the user much longer.

We realized the need to train users against ransomware attacks and make them more cautious when opening emails or files from untrusted sources.

We are pleased to introduce our RansomwareSim solution to organizations that wish to test the awareness of their employees. This service can also be extended to test the effectiveness of the organization’s security monitoring and incident response teams.

How does it work?
We have built a controlled ransomware simulation framework that can be used to train your users or test the capabilities of your defensive controls. The “malicious” files will be delivered in line with current ransomware distribution trends and will behave like typical ransomware, encrypting files on the affected system. Some of the features include:

  • Encrypting specific files from specific folders
  • Changing desktop wallpaper
  • Locking users out of their systems

The ransomware payload is customizable. Depending on customer requirements, we can define which folder paths and which file extensions should be encrypted. To prevent any major disruption of user systems, system files are not encrypted or deleted.

How does it help your organization?

  • This service simulates a real-world ransomware attack. You can evaluate your SOC/IR team readiness or user awareness without having to lose any data.
  • This service can also be used as a ransomware “training and awareness” service.
  • Take your spear-phishing and security awareness campaigns to the next level.

Check out the demo below to see the solution in action.

Demo video: https://www.youtube.com/watch?v=En3lAtPMfXs

Freeware Version:
In an effort to give back to the community and to allow organizations to simulate limited ransomware behavior, we have open-sourced the project with limited capabilities. Feel free to check it out at https://gitlab.com/networkintelligence/inr/ransom_sim and provide feedback, with code or comments, on how we can enhance it while keeping it non-destructive.

Conclusion:
Knowing how an attack works helps greatly towards building defenses. Even more useful is an attack simulation that tests the current defenses in place. As we keep pace with threat actor TTPs (Tools, Tactics and Procedures), we also need to test the defenses regularly to avert further damage.
