Assess Your Organisation’s Readiness to Identify, Protect, Detect, Respond & Recover from a Ransomware Attack

With Risk Crew’s Ransomware Readiness Audit You Will:


Without complete visibility it’s impossible to know if you’re doing everything possible can to reduce your company’s risk to ransomware


Find out if current controls and protection is effective against a real ransomware attack


Get an unbiassed overview of how quickly your business can identify and report an attack


Identify if the business has the capability to appropriately respond to a ransomware attack


Discover if the contingency plan includes all important aspect to recover from a ransomware attack quickly and thoroughly

The Risk Crew Approach

Our service is based upon the NIST Cybersecurity Framework approach and is comprised of the following five components:

Step 1: Identify

Risk Crew will begin by identifying, locating and classifying the critical business’ assets (both informational and digital) and confirming these with you.

Objective: Where could a ransomware infection significantly hurt the business?

We will then conduct a ransomware vulnerability assessment against known risk scenarios identifying and documenting all existing anti-malware controls and mapping them to the confirmed business assets to verify the applicability and any detect gaps in protection.

Objective: Are current controls applicable?

Risk Crew will also survey and benchmark the business’s current level of security awareness of the threat of ransomware, its methodology and potential entry points into the organisation.

Objective: Does the business understand the threat?

Step 2: Protect

Risk Crew then assess the effectiveness of the existing controls and processes implemented to mitigate an attack. These would typically include assessing:

  • Data Back-up Methodology
  • Network Segmentation
  • Web Protection
  • Mail Protection
  • User Permission & Awareness
  • Servers & Endpoint Configuration
  • Change & Patch Management Processes

Upon completion, Risk Crew conducts 10 different simulated ransomware infection attacks to evaluate your business’ current controls against real-world threat attack scenarios.

Objective: Are current controls effective against a real ransomware attack?

Step 3: Detect

Risk Crew then assess how quickly your system and users detect the simulated attacks and report them to the appropriate business division or point of contact.

Anti-malware security software and hardware products would also be assessed.

Objective: How quickly can your business identify an attack?

Step 4: Respond

Next, Risk Crew assess the business’s response to the simulated ransomware attacks. This is done through a table-top walk-through of the existing Incident Response Plan and monitoring the “live” exercise.

The business Incident Response Plan and procedures are specifically assessed for efficiency and effectiveness. Team members are assessed for their execution of the plan and their professional skills and experience.

Objective: Does the business have the capability to appropriately respond to a ransomware attack?

Step 5: Recover

Finally, Risk Crew audit the business’ capability to recover from the simulated ransomware attacks. This is also done through table-top walk throughs of the existing Business Continuity and Disaster Recovery (BC/DR) plans to confirm their applicability to conditions resulting from the “live” exercise.

System back-ups are verified and documented business impact assessments (BIAs) are also assessed for their relevance and accuracy.

BC/DR vendor solutions are also evaluated for efficiency and effectiveness in this final phase.

Objective: Does the business have the capability to recover from a ransomware attack quickly and thoroughly?

This step is critical as it confirms the actual attack surface associated with the application.

What Our Customers Say

Contact a Risk Management Expert for a Quote

    Information Risk Management Service(s) of interest:

    Information Security Threat & Risk AssessmentInformation Security PoliciesRansomware Readiness AuditSecure Code ReviewInformation Security Awareness TrainingSupply Chain Information Risk ManagementInformation Security Risk Consultancy Service

    Would you like to receive occasional emails on the latest security news and information on Risk Crew services?


    View our privacy notice here.

    Why Choose Risk Crew

    Risk Crew security consultants possess over 30 years of hands-on skills and experience in malware, and designing and testing incident response, business continuity and disaster recovery plans. It’s what we do. We: think deeply, question assumptions, determine cause and effect and always deliver measurable results.

    We believe that you should accept nothing less. So much so if you are not happy, with our services, you are not charged. Who else does that?

    We Work With All Industries

    With over 30 years of experience under our belts, we have worked with with all industries.


    Ready to Get Ransomware Ready?

    Contact one of our experts for a quote or for more details about the service.


    Dealing with ransomware just takes the right crew – the Risk Crew. Turn here for results.