Skip to main content

Ransomware Readiness

On This Page

Ransomware Simulation Assessment

In an age where Ransomware is a real threat and examples of attacks are featured regularly in the media, it is a growing concern for organisations. The simple question “What happens if they get in?” is a fundamental piece of knowledge regarding understanding an organisation’s exposure to ransomware.

Rather than focus on the “How can they get in” question, which is what many businesses have spent a lot of time and money on over the years, in a modern technologically connected world with disparate end-user devices all connected to singular information sharing systems, the assumption must me that “they are already in”, or at least, that the hurdle of gaining access is not as difficult to mitigate as you initially believed.

Reframing the issue such that the “bad guys” are already in the building lets you focus on ensuring that lateral movement, domain access and system compromise are not as easy as 123, for your visiting bad guy.

The Nellcote HackM3 assessment is a targeted attack simulation designed to establish what, if any, low-hanging fruit exists within the IT infrastructure and what could be leveraged to gain a foothold in the estate. This could ultimately lead to successful Ransom or Extortion attacks from one of the many ransomware operators, leading to high costs, reputational damage and business interruption.


What we do

A device is deployed on your network reducing the cost of the simulation through simplifying the initial foothold and assuming the position that the attackers are already inside the network. This device, with no other access rights than a valid IP address on the network, is used as a beach head to attack your systems and identities in the same manner that a skilled set of attackers would do after the successful compromise of a network connected asset.

The Nellcote team also scan all of the connected networks and systems, including the outside-in view of your perimeter networks and any wireless networks in range of the appliance, for vulnerabilities to establish if any accessible routes into the networks existed that would allow for the internal issues to be quickly, remotely executed by a global attacker.

All exploitable issues discovered are then leveraged to gain access to your systems to a point at which a malicious attacker could use that access to encrypt your estate and delete all your backups.

The results of our assessment generate a lot of technical information about your estate that can be leveraged by your technology teams to make direct improvements, however, the primary formal output of the project is a 2-page report including ratings in a number of key areas. This simple document is designed to be popularised with your senior teams to help drive the business case for security investment. This document is also accompanied by a project close-out meeting where we go through the attack strategies leveraged and demonstrate how any seemingly innocuous weaknesses can lead to full domain compromise.

How do we deploy it?

HackM3 is a physical device, sent via courier in a locked Peli case. It is simple to set up from an end user perspective, all that is required is power and an ethernet connection so that the device can see the internet.

Once plugged into the network it will behave just as an attacker would, driven by one of our team of experienced ethical hackers.

What it will check for

  • Assess how your organisation would fare in the event of a ransomware attack
  • Check the patching levels on the network
  • From a high level assess the organisations suitability for CE/CE plus
  • Understand the level of sophistication required for an attacker to traverse your network,
  • Look at how secure your configurations are
  • Assess boundary defences and defensive design
  • Test the Wi-Fi credentials

Simple Reporting

In conclusion, the Nellcote HackM3 is a realistic Ransomware Simulation, it is not a Penetration Test which would audit all of your systems and network but simulates a hackers actions and approach. The output is an easy to read report highlighting weaknesses in the network with additional technical output detail for IT technicians, internal and external network scans for your team to review and remediate as necessary.

Contact Us