Exercise in a Box: Ransomware Scenario - Scottish Business Resilience Centre

Jack Grieve, Cyber Exercising Manager, Scottish Business Resilience Centre, shares in detail the ransomware scenario recreated during our Exercise in a Box workshops.

What is it?

Ransomware is some of the most destructive forms of malware currently in circulation. It has the capability to bring entire organisations to its knees in a matter of days, if not hours. The ransomware can encrypt the targets systems and will demand payment for the restoration of the systems. It is of paramount importance for an organisation to know how to respond to a possible ransomware infection. Ransomware attacks can affect any organisation, and do not discriminate on who is targeted.

This session goes over a mock ransomware infection, through a phishing email, the most common infection vector for malware. This is an extremely common form of attack as 86% of cyberattacks are through phishing. It is essential for an organisation to have resilience against the constant threat of a phishing attack.

The aims of this exercise are as follows:

Understand how your organisation is prepared to deal with phishing attacks.
Recognise how the configuration of your user accounts plays a major role in your defences.
Gauge how effectively you can recover data and resume operation after a cyber-attack.
Build trusted relationships and develop shared understanding between key stakeholders.
Prepare and train key staff to think about what risks they are exposed to.
Operate in a no-fault environment to check and test cyber security defences and capabilities.

Why do it?

With the rise of ransomware attacks, more than ever, it is essential that organisations are prepared in case they suffer an attack. Effectively securing an organisation can be difficult as you are only as secure as your weakest link, and with the everchanging face of cybersecurity it is difficult to prepare against possible attacks.

You can access our ransomware guide here.

It is important for organisations to conduct cyber exercising to enable them to prepare for a potential cyber-attack within their business and mitigate that threat as much as possible. Additionally, please remember that Exercise in a Box is a safe environment for every participant attending.

The session offers multiple takes aways, as within a provided follow up session, a report from the NCSC can be generated, linking to all the guidance relevant to your organisation, taken from the session.

Some of the benefits and key takeaways of cyber exercising include:

Understanding actual versus perceived capabilities of people and technology.
Figuring out where to invest budgets in training or new technology.
Building muscle memory and reducing stress for security teams and management.
Improving morale and team building.
Meeting regulatory requirements.

Who is it for?

Exercise in a Box is aimed at any organisation, big or small, that are aiming to increase their cyber knowledge and perception. Ransomware attacks are an organization wide issue, security is only as strong as its weakest link, and all it takes for a ransomware infection to take hold one email. Understanding the process of recovering and dealing with a ransomware attack, alongside continuity plans, can make the difference between recovering from an attack in a week or a year. It is advised that organisations bring a diverse team and not just the IT department. This will ensure that more of the company is trained and not just a small part of it.