Core Impact Introduces Ransomware Simulation

Once upon a time, it was often necessary to define the term “ransomware” as it was frequently met with questioning looks and the need for clarification. Nowadays, you can hardly go a day without hearing about some sort of attack. What has made ransomware such a pervasive threat, and how can organizations learn to better protect themselves? In this blog, we’ll discuss why so many are worried about ransomware and how Core Impact’s latest ransomware simulation feature makes this pen testing tool more effective than ever at reducing your risk.

The Concern Over Ransomware

According to the 2022 Penetration Testing Report, ransomware is one of the top concerns for cybersecurity professionals. Unfortunately, the ever-constant anxiety over ransomware is well justified. A report by PhishLabs shows there is a consistently rapid increase in ransomware, with a growth rate of well over 100% year over year. The cost of ransomware attacks is also on the rise and has even put some organizations out of business. The average ransom demand alone was $220,298 in 2021. The recovery cost is much steeper, and averages at $1.8 million.

Ransomware has perhaps become so prevalent due to ease of use. Not only can you purchase ransomware kits off the dark web, you can also hire the work out, using Ransomware-as-a-Service (RAAS) providers. Additionally, the most popular ransomware vectors are built into every organization and impossible to close—according to the 2021 Malware Report, 70% of ransomware breaches had entered the surveyed organizations using phishing emails.

However, despite these challenges, organizations are not helpless against ransomware threats. Just like so many things in life, the key to improving your defenses comes down to regular practice.

Ransomware Simulation with Core Impact

Users of Core Impact can now efficiently simulate a ransomware attack using an automated Rapid Pen Test (RPT). Given ransomware’s close association with phishing campaigns, the simulator can easily be paired with a phishing campaign RPT for deployment. From there, security teams are then able to mimic the behavior of multiple ransomware families, encrypting user-specified files using a fully reversible symmetric key. They can also exfiltrate files to establish which mission critical data is most at risk after the initial breach is complete.

Additionally, if enabled, the ransomware simulator offers an automatic rollback after a set amount of time, leaving the environment as it was before the attack. If files remain encrypted, this gives defensive utilities a chance for detection and subsequent triggering of corrective actions.

Finally, Core Impact’s ransomware simulator enables the definitive move of most ransomware strains: the ransom note. Security teams can create and leave an explanatory README file once the exercise has been completed. This file will inform a user that they have experienced a ransomware scenario and can prompt them to contact the security team or provide other next steps, such as further training on ransomware and how it can get into your system.

You can see Core Impact’s ransomware simulation in action in the overview video below: