Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps companies protect themselves against ransomware attacks by examining 14 crucial security areas and attack vectors.
Contact Us

Ransomware attacks on enterprises of all sizes across virtually every industry sector are on the rise. As of 2021, at least one business became infected with ransomware every 11 seconds, all contributing to a global cost of $20 billion a year.

From Kroll’s perspective, we know that every organization can be a victim because a successful ransomware attack is within the reach of cybercriminals everywhere. 

Some threat actors are meticulous planners, deftly mapping internal networks to identify core business functions and sensitive data storage, even going so far as to research a company’s financials to gauge how big a ransom they can afford to pay. At the other end of the spectrum, creators of “ransomware-as-a-service,” who simply demand a percentage of the ultimate ransom, have opened doors for an entirely different class of cybercriminals who can now launch attacks with minimal risks against a wider range of targets.

Proactive Preparation Is the Best Protection Against Ransomware

While it is nearly impossible to prevent all ransomware attacks, security and risk management professionals can take proactive steps to neutralize or mitigate their harm. Basic cyber hygiene remains critical. First, businesses must take the time to accurately document the entire configuration of their network on regular basis.


When a local government was victimized by ransomware, it impacted the municipality’s police and fire dispatch systems, online utility payment system, centralized accounting system and many other critical segments on its network. Unfortunately, the IT director was unaware of how many servers were on the network. This lack of awareness delayed the initial remediation, especially when combined with limited viable backups for restoration.
– Matthew Dunn, Associate Managing Director, Cyber Risk.


Second, data mapping inventories are more important than ever. In recent years, many ransomware actors have started threatening to release stolen data to increase the pressure on victims to pay the ransoms. Almost overnight, ransomware attacks morphed from mainly expensive operational disruptions to crises fraught with regulatory data privacy and breach notification regulations. For companies looking to minimize risk, it is imperative for them to know what kind of data they have in their possession and everywhere it is collected, used and stored.

Ransomware Protection: 7 Key Steps

In our experience, there are seven fundamental security steps companies can take to immediately add layers of protection from ransomware:

  • Institute least privilege policies for data/system access
  • Delete unused email addresses
  • Implement and enforce strong password policies
  • Use multifactor authentication


  • Create, update, segregate and protect viable backups
  • Whitelist safe applications
  • Accurately and regularly map network configurations

Responding to Ransomware

In the event that ransomware strikes, organizations should already have response plan that includes these six immediate steps:

Identify the Infection

The type of infection which sometimes is stated in an attacker’s ransom communications, but can also be determined from numerous open-source sites. Kroll can also help pinpoint the type of ransomware as well as any other malware and persistence mechanisms still present in the system.

Isolate Impacted Systems

Remove the impacted systems from other computers and servers on the network and disconnect from both wired and wireless networks.

Report the Incident

Report the incident to the appropriate local law enforcement agency – the police or the national Action Fraud website in the UK, the local FBI field office in the U.S., or the ReportCyber site for people in Australia.

Retain Log Data

Timely action is often necessary to retain any potentially relevant event data for a subsequent investigation.

Think Before You Pay

This involves decision-making processes that should already be outlined in your incident response plan. Victims should also contact their cyber insurance carrier to inquire about ransomware coverage.

Backup Strategy

Restore systems and ensure your organization has prioritized effective backup policies and protocols.

14 Key Security Areas of a Ransomware Readiness Assessment

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment can help companies identify where their defenses are strong and any vulnerabilities that may be exploited by ransomware actors.  Our methodology focuses on the cyber kill chain, a comprehensive examination that includes remote access configuration, phishing prevention, email and web protections, access controls and endpoint monitoring and end user awareness.

As part of our assessment, we will provide a prioritized, customized set of recommendations to help the organization deflect, detect or respond more effectively to a ransomware attack.

Ransomware Controls, Processes and Technologies

Kroll cyber experts will first focus on controls, processes and technology solutions to lower the risk of ransomware-based attacks. During this step, we will:

  • Analyze relevant firewall and network device configurations to identify security weaknesses
  • Review user activity logging and audit configurations to aid potential investigative efforts
  • Review existing network and endpoint security monitoring solutions and processes


  • Evaluate email and web filtering options and configurations to block phishing attacks and malicious payload delivery
  • Review access and privileged access controls and processes
  • Evaluate vulnerability and patch management controls and processes 

Remote Technical Interviews

Kroll will also interview technical team members to assess any secondary defensive measures that might be in place to protect against email-based attacks. This review will include:

  • Remote access controls
  • Email and web controls
  • Application whitelisting and audit controls
  • Endpoint protection controls
  • Employee awareness and training
  • Backup and audit logging controls
  • Incident response planning
  • Business processes connected to vendor management

A Solid Foundation to Protect Against Ransomware

In our experience, ransomware protection starts with the adoption of fundamental security practices bolstered by some more advanced strategies informed by data we collect on the frontline. With Kroll’s help, a company can build smarter defenses, close gaps, strengthen vulnerabilities, better safeguard sensitive data and more quickly respond and recover from an attack. Call Kroll today for a customized ransomware protection assessment. 

Cyber Products

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Kroll Artifact Parser And Extractor (KAPE)

Find, collect and process forensically useful artifacts in minutes.

Kroll Notification Navigator

Effective third-party breach management helps reduce claim complexity and cost.

FAST Attack Simulation

Safely perform attacks on your production environment to test your security technology and processes.


Efficiently assess and confidently track the security and resilience of third parties with CyberClarity360, a robust third-party cyber risk management solution.


Proactively monitor, detect and respond to threats virtually anywhere – on endpoints and throughout the surface, deep and dark web.