MEDIUM
Ransomware Incident
Confirmed ransomware encryption + extortion event. Calls for the full playbook: MFA on remote access, immutable backups, EDR on every endpoint, network segmentation, PAM and a tested IR playbook.
MITRE ATT&CK
Tactics, Techniques & Procedures
TA0006 Credential Access (tactic)
TA0040 Impact (tactic)
TA0001 Initial Access (tactic)
TA0008 Lateral Movement (tactic)
Defensive mapping
Mapped controls
The audit will verify each of these controls is in place and effective.
| Control | Confidence | Why it matters |
|---|---|---|
| MFA enforced for remote / VPN access (suggested) | 75% | Recommended control for ransomware |
| Immutable backups (suggested) | 75% | Recommended control for ransomware |
| EDR on every endpoint (suggested) | 75% | Recommended control for ransomware |
| Network segmentation between user and server tiers (suggested) | 75% | Recommended control for ransomware |
| Privileged access management (PAM) (suggested) | 75% | Recommended control for ransomware |
| Incident response playbook (suggested) | 75% | Recommended control for ransomware |