Ransomware is not a new phenomenon and has in fact been around for over 20 years. However, it is growing in prevalence and the latest variants are so advanced and malicious, they could completely cripple your business. Have you done enough to protect yourself? Simply relying upon anti-virus/anti-malware solutions gives a false sense of security. Most organisations that have been affected by ransomware had up-to-date anti-virus/anti-malware software in place at the time of infection.

Our unique Ransomware+ Advisory Services are specifically designed to review your ability to prevent, detect and react to a ransomware incident.

What is Ransomware?

Ransomware is a type of malicious software that typically infects your machine or device and renders the data on the device (or the device) unusable until a ransom is paid. The data is typically rendered unusable by encryption, which is a process of scrambling the information so you cannot gain access to the data or device until you pay a sum to the cybercriminal that caused the infection. The sum requested varies, and often has to be paid within a specified time-frame, otherwise the data is destroyed and typically lost forever. The latest variants of ransomware can also encrypt entire websites, any backup data you may hold, and even system files in your computer. Some ransomware not only stops you from gaining access to your data, but also threatens to create a privacy issue for you and unless the ransom is paid, it will upload your data to the public Internet.


Our Services

KPMG’s Ransomware+ Advisory Services provides a proactive assessment of your capability to manage ransomware attacks, as well as shameware and other extortion-driven attacks.

Our assessment goes beyond simply considering the technical controls in place, and evaluates your capability from a people, process and technology point-of-view. The holistic nature of our assessment involves:

  • People  - Identifying whether there are any changes you could make to help prevent staff from accidentally or deliberately infecting you.
  • Process - Reviewing your organisation’s ability to manage current and emerging ransomware.
  • Technical - Helping you understand whether your technical capabilities are sufficient to deal with the risk.