What is the Ransomware Risk Report?

Learn about the Ransomware Risk Score found in Corvus Smart Cyber Insurance quotes.

The Ransomware Risk Report is a component of the Dynamic Loss Prevention (DLP) Preview report found in each Smart Cyber Insurance quote. There is a page dedicated to this score within the quote, which comes after the overall summary. This article will walk through the components of this page. 

Screen Shot 2020-12-28 at 11.20.35 AM

1. The score

"Ransomware & Cyber Extortion" has always been one of the scoring components of the overall Corvus Score, and displayed on the DLP Preview report. With the expanded Ransomware Risk Report, the score encapsulates more types of software vulnerabilities and additional vulnerable services like remote access tools that are frequently used as vectors for ransomware attacks.  

The score ranges from 1 to 100 and the report indicates if the numerical value is associated with High, Moderate, or Lower risk. Organizations with the lowest scores are roughly 4x more likely to experience a ransomware event than organizations with higher scores. 

  • The presence of critical attack vectors, such as unsecured Remote Desktop Protocol (RDP) ports, will result in a very low score (High risk). 
  • The presence of critical software vulnerabilities, those rated highly by the National Vulnerability Database for their ease of exploitation and potential impact to a victim, result in a lower score (High or Moderate risk). 
  • Relatively large numbers of non-critical vulnerabilities may also contribute to a lower score (High or Moderate risk) even in the absence of a critical vulnerability.

👉  Note: It is important to convey that the best (highest) scores do not indicate safety from ransomware. These only indicate that the most common vectors for attack are not present in the system, making the organization safer than the average of our database. Hackers are constantly using new methods and sometimes employ less common vectors that are not yet part of an observable trend. 

2. What Makes Up Your Score

A high-level outline of what led to the score is shown to the right, falling into two categories: Risky Open Ports and Software VulnerabilitiesThe number of instances of each category found, and in some cases what the specific issue is, will be enumerated. 

  • Risky Open Ports include Remote Desktop Protocol (RDP), SSH, and Apple Remote Desktop among others. These will only be counted if they are publicly visible (rather than protected by a VPN or a firewall). 
  • Software Vulnerabilities are any software vulnerabilities scored 7/10 or higher by the National Vulnerability Database that are potentially applicable to the organization because of the presence on their system of software versions that are known to harbor the vulnerability. 

3. What to expect from delivering the report

This report will provide a client with a high-level overview of their relative ransomware risk. We've also included some facts about the prevalence of ransomware, and some basic (but highly effective) security best practices to prevent ransomware from our Chief Information Security Officer.

As with the Dynamic Loss Prevention Summary Report, this report will not provide specifics about exactly what was found, and where. The full Dynamic Loss Prevention report is delivered upon binding the policy and enumerates all vulnerabilities found by the scan with actionable information for IT teams at the organization to use to locate and remediate.  

👉  Note: In the case of the most critical issues, such as open Remote Desktop Protocol or the Bluekeep vulnerability, we strongly suggest immediate action to remediate the issue (and will require it for binding the policy). Corvus will help your client to locate the issue if needed for these critical cases.