Ransomware Readiness: How Long Can Your Company Hold?

Adversarial simulation with real TTPs from LockBit, ALPHV/BlackCat, BlackBasta, Akira, Play, RansomHub. C-level tabletop. Immutable backup validation.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

In 2024-25 Brazil entered the global top 5 of ransomware targets. Auto dealerships, hospitals, credit unions, supermarkets, city halls. The question is no longer "will we be attacked?" — it became "how long can we last before paying or stopping?". Whoever finds out only at the incident loses by default.

References and threat actors

MITRE ATT&CK Enterprise · NIST CSF 2.0 · ISO/IEC 27035 · LGPD art. 48 (incident) · BACEN Res. 4.893 (financial)

/attack-surface

Ransomware Readiness

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01 · Simulated initial access

Spear phishing, external-exposure exploitation, or assumed-breach. MITRE T1566, T1190, T1078.

02 · Internal recon and Active Directory

BloodHound, identifying backup server, file server, hypervisor, EDR install path.

03 · Persistence and EDR validation

Scheduled task, WMI subscription, service install — testing whether EDR detects the artifacts.

04 · Simulated exfiltration (double extortion)

5-50GB of dummy data over DNS tunneling/HTTPS/cloud — validating DLP and egress visibility.

05 · Pre-encryption (no execution)

We reach the point where encryption would execute. We validate whether the immutable backup survives an attacker holding domain-compromise privileges.

06 · Backup integrity validation

Real restore time, snapshot integrity, credential separation, retention vs. attacker dwell.

07 · C-level tabletop

4-6h on-site with CEO/CFO/CIO/CISO/legal simulating decisions: pay? notify? activate insurance? communicate to the market?

08 · Executive report + 30-60-90 plan

MTTD, MTTC, estimated MTTR, simulated downtime cost, investment prioritization.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Post-incident and preventive engagements in healthcare, food retail, credit unions and the public sector.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Ransomware Readiness

Is ransomware readiness the same as pentest?

No. Pentest covers vulnerability breadth. Readiness simulates a specific active ransomware playbook (LockBit, ALPHV, BlackBasta, Akira, Play, RansomHub) and measures whether the company detects, contains and recovers.

Does immutable backup protect against ransomware?

In theory yes. In practice, 70% of Brazilian companies discover at incident time that their backup was accessible by the same compromised domain — or that retention doesn't cover the 60-90 day attacker dwell.

How long does it take?

3 to 8 weeks. Includes technical simulation (2-4 weeks), C-level tabletop (1 day) and executive report + plan (1-2 weeks).

Do you actually encrypt data?

No. We demonstrate technical capability in mirror environments or controlled PoCs. In production, we stop at the point where encryption would be possible and document it. The exercise prepares — never causes an incident.

Worth it for small companies?

Yes, with lean scope. Cooperatives, clinics and SMB retail can run a useful exercise for BRL 35-80k. Enterprises pay BRL 120-350k.

/contact

I want to know how long I can hold

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.