Ransomware Attack Chain Diagram

Threat Event Frequency

Threat event frequency represents the number of times per year that a threat actor successfully infects an endpoint with ransomware (ransomware is detected on an endpoint). Common ways that ransomware accesses an endpoint include phishing and downloading via browser

Vulnerability

Vulnerability (or Susceptibility) represents the probability that the ransomware can circumvent all relevant controls (detection/prevention of ransomware propagation and asset access) and successfully execute ransomware on the asset

Primary Loss Magnitude

The loss event occurs once the actor executes the ransomware on the asset. This typically triggers incident response, management, and containment efforts, at a minimum.

Secondary Loss Event Frequency

Secondary Loss Event Frequency is modeled as the probability of responsive controls (such as backups) being circumvented and conditional (secondary) losses occurring

Threat Event Frequency

Threat event frequency represents the number of times per year that a threat actor successfully infects an endpoint with ransomware (ransomware is detected on an endpoint). Common ways that ransomware accesses an endpoint include phishing and download via browser.

Vulnerability

Vulnerability (or susceptibility) represents the probability that the ransomware can circumvent all relevant controls (detection/prevention of ransomware propagation and asset access) and successfully execute ransomware on the asset.

Primary Loss Magnitude

The loss event occurs once the actor executes the ransomware on the asset. This typically triggers incident response, management, and containment efforts, at a minimum

Secondary Loss Event Frequency

Secondary loss event frequency is modeled as the probability of responsive controls (such as backups) being circumvented and conditional (secondary) losses occurring.