Qualys aims to combat ransomware this Cyber Security Awareness Month

Qualys has announced it will offer its Ransomware Risk Assessment service at no cost for 60 days with the aim of providing companies with visibility into their ransomware exposure and automate the patching and configuration changes needed to reduce risk immediately.

The FBI has reported a 62 per cent year-over-year increase in ransomware attacks for the period ending 31 July. US President Biden will convene with global leaders in an effort to protect economic and national security due to the continued escalation of the attacks.

Unpatched vulnerabilities, device misconfigurations, internet-facing assets and unauthorised software rank consistently among the top attack vectors. Authorities like CISA and NIST recommend that organisations strengthen their defence by proactively assessing ransomware risk including quickly patching associated vulnerabilities.

While there is no silver bullet to prevent ransomware, said Jim Reavis, co-founder and CEO of the Cloud Security Alliance, companies can take charge with proactive measures including solid cyber security hygiene, patching for known ransomware vulnerabilities, changing configurations and adjusting security policies.

"Qualys Ransomware Risk Assessment puts cyber security teams in control by operationalising government guidelines and providing a company-specific ransomware heatmap so they can eliminate an area of risk and shrink their attack surface," Reavis said.

Vulnerability and threat researchers at Qualys have analysed ransomware attacks over the last five years to identify approximately 100 CVEs commonly used by ransomware threat actors. Researchers mapped CVEs to ransomware families like Locky, Ryuk/Conti and WannaCry along with specific misconfigurations that are typically leveraged by the threat actors.

Leveraging the research, Qualys developed the Ransomware Risk Assessment service, powered by the VMDR platform, to help organisations proactively identify, prioritise, track and remediate assets that are vulnerable to ransomware attacks. Once identified, vulnerabilities are mapped to available patches that can be directly deployed from the service without requiring additional tools and VPNs reducing the company’s ransomware exposure.

This year's theme for Cyber Security Awareness Month focuses on “Do Your Part. #BeCyberSmart,” aimed at individuals and organisations to own their role in protecting their part of cyber space. To address specific challenges and identifying opportunities for behavioural change, Qualys is aiming to help clients by offering its Ransomware Risk Assessment service designed to assist with bolstering cyber resilience in the spirit of this year's cyber security initiative.