/
Do you pass the ransomware assessment tests?

Do you pass the ransomware assessment tests?

Owned by Dennis Underwood
May 24, 2022
1 min read

The best answer is…it depends on the quality and accuracy of the ransomware simulations, but we haven’t seen many high quality tests that match true attack tools and behaviors.

Cyber Crucible examines underlying behavioral patterns in file access, memory behaviors, process behaviors, and cryptographic behaviors to identify and suspend data extortion activities in conjunction with an attack.

Some simulations of data extortion software have evolved over time, to be a more accurate representation of real attacks.

We have experienced simulations that, appeared to focus on checking for the data extortion countermeasures disclosed by some vendors, and not the tradecraft of the extortion tools and attackers themselves. A way to say this may be, “Testing for the countermeasure, not for the attack”.

In response, we never shy from tests against attacker emulation, penetration tests, or extortion tools. We routinely attack our own software, and replay attacker tradecraft we observe discussed online or found (and stopped) in client environments.

Related content

Do you test against ransomware exhaustively?
Do you test against ransomware exhaustively?
Cyber Crucible Knowledge Base
More like this
Training Scenario - Vanilla Ransomware
Training Scenario - Vanilla Ransomware
Cyber Crucible Knowledge Base
More like this
Does Cyber Crucible collect encryption keys?
Does Cyber Crucible collect encryption keys?
Cyber Crucible Knowledge Base
More like this
Deploying to an Already Infected Environment
Deploying to an Already Infected Environment
Cyber Crucible Knowledge Base
More like this
How can I tell Cyber Crucible is running on the system?
How can I tell Cyber Crucible is running on the system?
Cyber Crucible Knowledge Base
More like this
Can Cyber Crucible stop lateral attacker movement?
Can Cyber Crucible stop lateral attacker movement?
Cyber Crucible Knowledge Base
More like this