Ransomware & Data Extortion Readiness

Would your company survive a ransomware attack?

Most mid-market companies find out the hard way. I have led that recovery myself. Now I help Canadian and US mid-market companies assess and close their critical gaps against both ransomware and data extortion, before an attacker finds those gaps first.

// Sample Assessment Output
Overall Ransomware Readiness Score: 31 / 100 (Developing)
GV Govern 25 · ID Identify 20 · PR Protect 35 · DE Detect 15 · RS Respond 10 · RC Recover 20
⚠ Critical ransomware vulnerability identified
$1.53M average ransomware recovery cost in 2025
83% of attacks now include data exfiltration
49% of victims paid the ransom to recover data
66% of attacks use double extortion: steal first, encrypt second
NIST CSF 2.0 assessment framework
CIS Controls 8.1 implementation guidance
The Risk is Real

Ransomware doesn't discriminate
by company size.

Mid-market companies are the preferred target. Large enough to pay, small enough to lack enterprise defenses. Most find out only after the attack.

49%
of ransomware victims paid the ransom to recover their data
$1.53M
average cost to recover from a ransomware attack in 2025
83%
of attacks now include data exfiltration. Backups alone won't save you.
66%
use double extortion: steal the data, then encrypt it
🔐
Two tactics. One catastrophic outcome.
Attackers no longer just encrypt your data. They steal it first and threaten to publish it. Even with perfect backups, a data extortion attack can trigger regulatory fines, legal liability, and reputational damage that recovery alone cannot fix.
📤
Exfiltration attacks are silent
Unlike encryption, data theft causes no operational disruption. Attackers can spend weeks inside your environment staging data before you have any indication something is wrong. Detection capability is your only early warning system.
💾
Backups only solve half the problem
Immutable backups protect you against encryption. They provide zero protection once your data has already been stolen. 83% of attacks now include exfiltration, and an assessment that only stress-tests your recovery capability is incomplete.
🌐
Your attack surface is visible
Open ports, expired certificates, and misconfigured email authentication are all publicly discoverable, by attackers and by us.
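A concrete illustration of the "misconfigured email authentication" point: the SPF and DMARC TXT records a domain publishes are world-readable (dig TXT example.com and dig TXT _dmarc.example.com), so anyone can evaluate them before sending a single phishing mail. The evaluator below is an added example written for this page, not the consultancy's own tooling; the record strings in demo() are constructed, and the severity labels are this example's own scale, loosely matching the page's Critical/High/Medium/Low.

```python
"""Offline evaluator for a domain's SPF and DMARC TXT records.

Added example for this page (not RB Cybersecurity's tooling). The record
strings in demo() are constructed for illustration. Severity labels are the
example's own scale.
"""
import re

# SPF mechanisms and modifiers that cost a DNS lookup; RFC 7208 caps these at 10.
_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(:|/|$)|^redirect=", re.IGNORECASE)


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=mailto:...' into a tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return [(severity, message)] for a DMARC record, [] if it is sound."""
    if not record:
        return [("High", "No DMARC record: receivers apply no policy, so the domain can be spoofed freely")]
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return [("High", "Record does not start with v=DMARC1; receivers ignore it")]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(("High", "Missing or invalid p= policy; receivers ignore the record"))
    elif policy == "none":
        findings.append(("High", "p=none only monitors: spoofed mail is still delivered"))
    elif policy == "quarantine":
        findings.append(("Medium", "p=quarantine sends spoofed mail to spam instead of rejecting it"))
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(("Medium", f"pct={pct}: policy applied to only part of the mail stream"))
    if "rua" not in tags:
        findings.append(("Low", "No rua= address: no aggregate reports, so spoofing attempts go unseen"))
    if tags.get("sp", "").lower() == "none":
        findings.append(("Medium", "sp=none leaves subdomains unprotected"))
    return findings


def assess_spf(record):
    """Return [(severity, message)] for an SPF record, [] if it is sound."""
    if not record:
        return [("High", "No SPF record: any host can claim to send mail for this domain")]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("High", "Record does not start with v=spf1; receivers ignore it")]
    mechanisms = [t.lower() for t in terms[1:]]
    findings = []
    # A bare 'all' carries the default '+' qualifier, so it is as bad as '+all'.
    if "+all" in mechanisms or "all" in mechanisms:
        findings.append(("High", "'+all' authorises every host on the internet to send as this domain"))
    elif "?all" in mechanisms:
        findings.append(("Medium", "'?all' is neutral: SPF gives no protection"))
    elif "~all" in mechanisms:
        findings.append(("Low", "'~all' is softfail; works with DMARC, but '-all' is the stronger choice"))
    elif "-all" not in mechanisms:
        findings.append(("Medium", "No terminal 'all': unlisted senders are treated as neutral"))
    lookups = sum(1 for m in mechanisms if _LOOKUP_TERM.match(m))
    if lookups > 10:
        findings.append(("High", f"{lookups} DNS lookups exceeds the limit of 10: evaluation returns "
                                 "permerror and the policy is not enforced"))
    return findings


def assess_domain(spf_record, dmarc_record):
    """Combine both checks, tagging each finding with the record it came from."""
    return ([("SPF", sev, msg) for sev, msg in assess_spf(spf_record)]
            + [("DMARC", sev, msg) for sev, msg in assess_dmarc(dmarc_record)])


def demo():
    # Constructed records: a typical "we have a record" posture next to a hardened one.
    weak = assess_domain("v=spf1 include:spf.protection.outlook.com a mx ?all",
                         "v=DMARC1; p=none; pct=50")
    strong = assess_domain("v=spf1 include:spf.protection.outlook.com -all",
                           "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; sp=reject")
    return weak, strong


if __name__ == "__main__":
    weak, strong = demo()
    for source, severity, message in weak:
        print(f"[{severity}] {source}: {message}")
    print("hardened records:", "no findings" if not strong else strong)
```

Paste real TXT values in place of the constructed ones to run it against your own domain. The most common false comfort is a DMARC record with p=none: it exists, so "DMARC is configured" on a checklist, yet receivers still deliver spoofed mail. "Fully configured" in practice means a p=quarantine or p=reject policy with aggregate reporting, not merely a record being present.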
Assessment in Practice

What a readiness gap actually looks like.

A 180-person professional services firm engaged RB Cybersecurity Consulting after their cyber insurance carrier flagged gaps during renewal. They believed they were reasonably protected. The assessment told a different story.

The Company
Industry: Professional Services
Size: 180 employees
Infrastructure: Microsoft 365, hybrid on-prem
Prior security investment: Antivirus, basic firewall, no dedicated security staff
Assessment score: 34 / 100 — Developing
Critical Gaps Found
Critical: Backup infrastructure reachable from production network. No immutable or air-gapped copies confirmed. Full encryption by ransomware would leave no recovery path without paying.
Critical: MFA not enforced on admin accounts or remote access. Three privileged accounts found in public breach databases with no evidence of password rotation.
High: DMARC not configured. Domain could be spoofed for phishing attacks targeting employees or clients with no technical barrier.
High: RDP port exposed on a public IP with no geo-restriction or MFA. Consistent with the initial entry point used in 23% of ransomware attacks.
Medium: No documented incident response plan. No defined roles, no communication runbook, no external IR retainer. Recovery would be improvised under pressure.
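The second critical finding above turns on privileged accounts appearing in public breach data with no evidence of password rotation. The account-level lookup (email address to breach) is Have I Been Pwned's API-key endpoint; the companion check an IT team can run itself on privileged passwords is the free Pwned Passwords range endpoint, which uses k-anonymity: only the first five hex characters of SHA-1(password) are sent, and the service returns every suffix it has seen with that prefix plus a breach count, so neither the password nor its full hash leaves your machine. The following is an added example written for this page, not the consultancy's tooling and not an official HIBP client; the corpus, the account names and the padding line are constructed, and the live fetcher is included only for reference.

```python
"""Pwned Passwords k-anonymity check, worked offline.

Added example for this page, not RB Cybersecurity's tooling and not an
official HIBP client. Only the 5-char SHA-1 prefix is sent to the range API;
the suffix comparison happens locally. The corpus passed to
make_offline_fetcher() is constructed for the demo.
"""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_upper(password: str) -> str:
    """Upper-case hex SHA-1, the form the Pwned Passwords corpus uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple:
    """(5-char prefix sent to the API, 35-char suffix kept local)."""
    digest = sha1_upper(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines; padding entries carry count 0 and are harmless."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """How many times the password appears in breach corpora (0 = not seen)."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Real call (not exercised offline). Add-Padding hides the true line count from observers."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"Add-Padding": "true", "User-Agent": "readiness-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def make_offline_fetcher(corpus: dict):
    """Stand-in for the HTTP call, built from a constructed {password: count} corpus."""
    hashed = {sha1_upper(p): c for p, c in corpus.items()}

    def fetch_range(prefix: str) -> str:
        lines = [f"{h[5:]}:{c}" for h, c in hashed.items() if h.startswith(prefix)]
        lines.append("0" * 34 + "A:0")  # constructed padding line, as Add-Padding would emit
        return "\r\n".join(lines)

    return fetch_range


def audit(accounts: dict, fetch_range) -> list:
    """Return [(account, count)] for every account whose password is in breach data."""
    return [(name, n) for name, pw in accounts.items()
            if (n := breach_count(pw, fetch_range)) > 0]


if __name__ == "__main__":
    fetch = make_offline_fetcher({"Password123": 12345, "Winter2024!": 7})
    # Constructed sample privileged accounts; swap in fetch_range_live for a real check.
    admins = {"svc-backup": "Password123", "da-admin": "Winter2024!",
              "helpdesk": "k3#Vq9!pLm2xZr8wT"}
    for account, count in audit(admins, fetch):
        print(f"{account}: password seen {count} times in breach data; rotate and enforce MFA")
```

The design point is what never leaves the network: a tool that posts the password, or its full hash, to a third party to "check if it is breached" is itself a credential leak, which is why the range endpoint exists. A non-zero count is a rotate-now finding for any privileged account, and it is independent of MFA: MFA limits what a stolen password is worth, rotation removes the stolen password.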
30-Day Outcome
Backup architecture redesigned with immutable cloud copies isolated from production. Tested and verified.
MFA enforced across all admin and remote access accounts. Breached credentials rotated and monitored.
DMARC, DKIM, and SPF fully configured. Domain spoofing closed within 48 hours of findings delivery.
RDP access restricted and moved behind VPN with MFA. External exposure eliminated.
Cyber insurance renewal completed. Carrier accepted remediation evidence. Premium increase avoided.
"We thought we were in reasonable shape. The assessment showed us exactly what we were missing — and gave our IT team a concrete list they could act on immediately."
— VP Operations, Professional Services Firm

Results vary by organization. This example reflects findings typical of mid-market companies without a dedicated security function.

See What Your Assessment Would Find
Why This Work Matters

I've seen what happens when the answer is no.

"When the ransomware hit, the company had hours to decide: pay millions, or fight back. I led the fight back."

As the incident response lead during a major ransomware attack at a global IoT manufacturer, I coordinated the technical recovery across dozens of compromised systems, worked with forensics teams, managed executive communications, and helped restore operations while minimizing data loss.

That experience taught me something most consultants learn from frameworks but not from fire: the difference between companies that survive and companies that don't comes down to a handful of specific, testable controls, and most mid-market companies are missing them.

I built RB Cybersecurity Consulting to bring that operational experience to mid-market companies across Canada and the United States.

Ricardo Bastos
Ransomware Recovery & Cybersecurity Program Specialist
CISSP · CISM · CCSP · NIST CSF 2.0 · CIS Controls 8.1
20+
Years in IT & Security
10+
Years Security Leadership
3
Elite Certifications
$1M+
Ransom Demands Navigated
Manager, Corporate IT Security, Sierra Wireless — Led technical recovery operations during a major ransomware attack affecting global operations

Manager, Cybersecurity Assessments, Ernst & Young — NIST CSF framework assessments for enterprise clients

Cybersecurity Engineering Manager, TELUS — Leading enterprise cybersecurity engineering across a national telecommunications infrastructure
Services & Pricing

Choose the right level
of engagement.

All engagements are fixed-price, delivered primarily remotely with select in-person options, and structured for both executives and technology leaders.

Phase 1
Readiness Assessment
$4,500 CAD fixed
2–3 week delivery
  • NIST CSF 2.0 domain scoring across all 6 functions
  • CIS Controls 8.1 gap analysis
  • Live reconnaissance (Shodan, Censys, DNS, HIBP)
  • Ransomware kill-chain assessment
  • Executive risk report (PDF)
  • Priority findings with business impact language
  • 90-minute executive debrief session
Start Assessment
Phase 3
Advisory Retainer
$1,500 / month
Ongoing engagement
  • Quarterly reassessment and delta tracking
  • On-call security advisory (4 hrs/month)
  • Incident response guidance
  • Security policy review and updates
  • Vendor security review support
  • Threat intelligence briefings
Inquire
What You Receive

Two reports. One for the boardroom.
One for your IT team.

Every Phase 1 engagement produces a single PDF report with two distinct layers — so the right information reaches the right audience.

CONFIDENTIAL
Ransomware Readiness Assessment
Executive Risk Report
Prepared by Ricardo Bastos, CISSP | CISM | CCSP
Overall Readiness Score: 38 / 100 (Developing — High Ransomware Risk)
Govern 55 · Identify 48 · Protect 32 · Detect 28 · Respond 35 · Recover 42
CRITICAL FINDING — F001: No immutable backup copies confirmed
Backup infrastructure is reachable from production network. In 94% of ransomware incidents, attackers encrypt or delete backups before deploying ransomware. Without air-gapped or immutable copies, recovery requires paying the ransom.
Critical · NIST CSF RC.RP · CIS Control 11 · 30-day action
📋
Executive Risk Narrative
A plain-language summary of your ransomware risk written for the C-suite. No acronyms. No jargon. Designed to be read in 10 minutes and presented to a board.
📊
NIST CSF 2.0 Domain Scores
Scored across all 6 NIST functions with a maturity level for each. You see exactly where you stand and which of your gaps attackers exploit first.
🎯
Prioritized Technical Findings
Every gap ranked by severity and ransomware relevance, with specific remediation steps your IT team can act on. Not a generic checklist — findings tied to your actual environment.
🗓️
30 / 90 / 180-Day Roadmap
A phased action plan that fits a real budget and a real IT team. Critical stop-the-bleeding items in 30 days. Structural improvements by 90. Program maturity by 180.
🎤
90-Minute Executive Debrief
A live session with your leadership team to walk through findings, answer questions, and align on priorities. Structured so your executives leave with clarity, not more confusion.
How It Works

From first call to final report
in three weeks.

A structured, low-disruption process designed for busy executive teams.

01
Discovery Call
30-minute call to understand your environment, priorities, and concerns. No commitment required. We assess fit and scope before proceeding.
02
Data Collection
Guided questionnaire (60–90 min with your IT lead) plus automated reconnaissance of your public attack surface. Minimal disruption to operations.
03
Analysis & Report
AI-assisted analysis mapped to NIST CSF 2.0 and CIS Controls 8.1. Every finding scored by ransomware relevance, severity, and remediation effort.
04
Executive Debrief
90-minute session to walk through findings, answer questions, and prioritize next steps. Designed for the C-suite, no technical jargon required.
How We Work

A methodology built for
the modern threat landscape.

Most consultants bring a checklist. We bring a purpose-built assessment pipeline that produces deeper analysis faster, without sacrificing the senior-level judgment that turns findings into decisions.

🔍
// External Attack Surface Analysis
We see what attackers see
Automated collection from industry-leading threat intelligence sources maps your externally visible attack surface including open services, certificate posture, subdomain exposure, and credential breach history. No internal system access required.
🗺️
// Dual Framework Mapping
NIST CSF 2.0 and CIS Controls 8.1
Every finding is mapped to both NIST CSF 2.0 across all six functions and CIS Controls v8.1 Implementation Groups. Executives get a score they understand. IT teams get a roadmap they can act on.
🎯
// Ransomware-First Prioritization
Not all findings are equal
Every finding is classified by its direct relevance to a ransomware attack scenario. Your remediation roadmap is sequenced to close the most dangerous gaps first, not sorted by CVSS score or framework category.
📊
// Executive Deliverables
Designed for the C-suite, not the SOC
The final report is written in business risk language covering financial impact, operational exposure, and remediation cost estimates. Boards and CFOs can read it without a translator.
🧠
// AI-Assisted, Human-Led
Speed and depth, not one or the other
Technology accelerates data collection and pattern recognition. Every finding is reviewed, contextualized, and validated by a senior practitioner with 20+ years of hands-on security experience including real ransomware incident response.
// Assessment Pipeline
📋 Questionnaire: structured 90-min interview
🌐 Reconnaissance: external attack surface mapping
🤖 AI Analysis: kill-chain and framework mapping
👁️ Expert Review: senior validation and context
📄 Report: executive PDF and debrief
Common Questions

What executives ask
before engaging.

How is this different from a penetration test?
A penetration test tells you what an attacker could exploit today. This assessment tells you how prepared your organization is to prevent, detect, and recover from a ransomware attack, across people, process, and technology. The output is a business risk report with two layers: an executive-ready risk narrative for the C-suite, and a prioritized technical remediation roadmap for your IT and security team.

Do you need access to our internal systems?
Most of the assessment requires no internal system access at all. The core engagement combines a structured questionnaire with your IT lead and passive reconnaissance of your public attack surface. For clients who want deeper coverage, optional steps such as an Active Directory health review can be included; these use lightweight tooling run by your own IT team, so you stay in full control of what is in scope.

Who is this built for?
Mid-market companies between 50 and 500 employees, typically with one or a small team of IT staff, a Microsoft 365 environment, and limited dedicated security resources. If you're too small to afford an enterprise security program but too large to ignore the risk, this is built for you.

How long does it take, and how much of our time does it need?
The Phase 1 assessment is delivered in 2–3 weeks from engagement start. Your team's time commitment is approximately 90 minutes for the questionnaire session plus the final debrief. Everything else runs in the background.

Which frameworks do you assess against?
NIST Cybersecurity Framework 2.0 (all six functions: Govern, Identify, Protect, Detect, Respond, Recover) and CIS Controls v8.1 implementation groups. These are the two most widely recognized frameworks for mid-market security programs and align with most cyber insurance requirements.
Free Resources

Start your ransomware & extortion readiness
review today.

Practical, no-fluff resources for executives and technology leaders who want to understand their ransomware exposure before engaging a consultant.

Get in Touch

Let's talk about
your exposure.

Whether you're ready to book an assessment or just want to understand what your risk looks like, start with a conversation.

Response Time
Within 24 hours on business days
Service Area
Canada & United States · Remote-first
Lead Qualifications
CISSP CISM CCSP
Book a Discovery Call
Free 30-minute call. No commitment required.
Your information is never shared or sold.
Get Started

Find out where you stand
before an attacker does.

Book a free 30-minute discovery call. No commitment, no sales pitch. Just an honest conversation about your ransomware risk.

Book Discovery Call · Download Free Guide
Canada & United States · Response within 24 hours on business days