Skip to main content

What If You Had Advance Notice of a Ransomware Attack?

Cyndi Gutowski
Posted on June 29th, 2021

One of the worst things about ransomware attacks isn’t just the mayhem they cause as your data is encrypted by criminals and your business is put on hold — it’s not knowing when they’ll happen. But what if you had some advance notice about the next cyberattack before it hit? What if you could find out if your data was up for bid on the dark web?

Ransomware is a popular tool for cybercriminals and attacks have been increasing in frequency. A recent Check Point Report found a 102% increase in ransomware attacks this year, up to as many as 29 attacks a week. In addition, malware can sit in your system for 8 to 12 months, completely undetected. Because ransomware is big business, criminals show no sign of stopping – according to a study published in ITPro, the average ransom paid in 2021 was $170,404. Unfortunately, not many organizations have a few million or billion dollars in reserve, designated for a ransomware attack. Fortunately, however, there is help available.

Stopping ransomware attacks before they start

Ransomware actors spend day and night seeking opportunities to break into your system and hold your assets — and those of your third parties — for ransom. Sometimes they repeat attacks that were successful and exploit those victims for continuous attacks and repeated ransoms. SecurityScorecard is helping you put a stop to those attacks before they even happen.

As of June, SecurityScorecard has introduced three new ransomware issue types designed to help you identify and remediate potential ransomware risks so your organization isn’t the next victim in the headlines. These tools give you visibility into your ransomware risk. It’s like having a camera at your home’s entrance that lets you see who it is before unlocking your door. Our new issue types are a window into the people who are knocking at your network’s door, and those of your vendors and third parties.

As with a camera at the door, you can see who is there, determine whether they’re a threat, and take appropriate action.

Products Exploited by Ransomware

Based on SecurityScorecard Sentinel, which performs internet-wide continuous daily scans across thousands of ports, this issue type is designed to surface information about products recently exploited by ransomware actors. Exploited products have specific vulnerabilities that have recently been used by threat actors to introduce ransomware variants into a company network. If you see this signal, it indicates that there is a product running in the environment matching one of these vulnerable products.

Ransomware Victim

This issue type tells you if you’ve been breached, and when. This signal is based on information from the dark web that a company domain was mentioned on a ransomware operator's leak site as a victim. If you see this signal, it will indicate which ransomware actor breached the company and on what date.

Ransomware Risk Indicator

This issue type indicates an organization is at a higher risk of a ransomware attack because they use exposed services. When you see this signal it means one of your services has been identified as commonly used by ransomware actors to introduce malware into other victims’ environments.

What should you do if you experience a ransomware attack?

Before you’re attacked, follow best practices so that you have a response plan in place.

Determine your business needs, investigate your risks, audit your and your vendors’ infrastructure for potential ransomware risks and take the opportunity to remediate them.

SecurityScorecard, is your technology partner for vendor risk management (VRM), we help you continuously monitor and detect issues, and give you the right information for fast remediation.

Return to Blog
Join us in making the world a safer place.