Ransomware Funnel: Overview

High-level overview of the ransomware funnel in RiskSense’s Ransomware Dashboard.

The Ransomware Funnel is available on the Ransomware Dashboard in RiskSense.

Ransomware Funnel - Full Funnel

The left-most and widest funnel section offers total counts of scanner findings, CVEs, threats, and asset counts for all open vulnerabilities regardless of ransomware correlation. In other words, the Total Vulnerabilities section represents all open findings and assets to which your RiskSense account has access.

Ransomware Funnel - First Section

Moving down the funnel, the Ransomware Exposure section reflects those scanner findings, affected assets, threats, and CVEs that have the potential to cause a ransomware event. This section can be leveraged to answer questions such as “where in my infrastructure are possible ransomware exposures?” and “which scanner findings does RiskSense know have an association with exploits, malware, or other attack vectors that may allow an attacker to gain a ransomware foothold?”

Ransomware Funnel - Second Section

The Ransomware with RCE/PE Exploits category further narrows focus, taking the wider Ransomware Exposure section of the funnel and putting a spotlight on those finding which can lead to a ransomware event through a malicious attacker’s use of Remote Code Execution or Privilege Escalation-related weaknesses.

Privilege Escalation refers to the exploitation of a design flaw, misconfiguration, or bug in software to gain higher-level access to resources that are not normally available to that user.

Remote Code Execution is access that an attacker gains to craft an attack remotely for the purpose of gaining access to a device or service. In other words, the malicious attacker would have the ability to run arbitrary commands as a non-authorized user.

Ransomware Funnel - Third Section

The Narrowest funnel section is Trending Ransomware. Trending refers to scanner findings, CVEs, or exploits that RiskSense has observed being actively used in real-world attacks and/or discussed over the past 30 days. Trending analysis is conducted on a continuous basis, so the counts within this funnel section can change significantly as vulnerabilities and exposures start and stop being leveraged or discussed.

Ransomware Funnel - Fourth Section

As the Ransomware Funnel provides a simplified breakdown of host finding counts under a series of increasingly specific filters, the dashboard widget is often considered in a right-to-left manner.