Ransomware Readiness & Recovery

Flexible services and expert-led delivery to strengthen your cloud security posture.

Modern ransomware is fast, automated and unforgiving. A single click can lock up your files, stall your business and trigger days of painful recovery.

Peritus helps you prepare before an attack, respond calmly during one and recover safely afterwards, so a ransomware incident becomes a disruption, not a disaster.

Why ransomware is still winning

Ransomware has evolved from crude “screen lockers” into a mature business model. Criminal groups now:

  • Target backups as well as production data

  • Steal data before they encrypt it, then threaten to leak it

  • Use valid accounts and legitimate tools, so they look like normal users

  • Automate at scale, so you have minutes or hours, not weeks, to react

Technology helps, but it is not enough on its own. Most damaging incidents involve a mix of:

  • Gaps in backup and recovery

  • Weak identity and access controls

That is the gap this service is designed to close.

  • Poor visibility across cloud and SaaS

  • Unclear incident playbooks and roles

The Peritus Approach

Assess and prioritise risk

  • Review of your current controls across identity, endpoint, email, cloud and backup

  • Mapping of critical business processes and “crown jewel” data

  • Ransomware-specific attack path review, for example how an attacker could move from a phish to domain admin

  • Clear heat map of risk, business impact and likelihood

Harden and contain

  • Hardening recommendations for identity, admin access and privileged accounts

  • Review of backup strategy, retention and isolation, including restore testing

  • Email and endpoint policy tuning to reduce the chance of initial compromise

  • Network and SaaS hygiene recommendations to limit blast radius

Detect and respond

  • Ransomware playbook tailored to your environment and your team

  • Clear roles and responsibilities, including who decides what during an incident

  • Guidance on integrating existing monitoring, EDR or XDR tools into a simple response flow

  • Practical steps for tabletop exercises, so the first time you run the playbook is not during a live incident

Recover and learn

  • Recovery strategy to bring back critical services in the right order

  • Guidance on safe restore, including how to avoid reintroducing malware

  • Data exfiltration assessment and support for regulatory and customer communications

  • Post incident review approach, so each event leads to measurable improvement

ASSESS & PRIORITISE

  • Review of your current controls across identity,
    endpoint, email, cloud and backup

  • Mapping of critical business processes and
    “crown jewel” data

  • Ransomware-specific attack path review, for
    example how an attacker could move from a
    phish to domain admin

  • Clear heat map of risk, business impact and
    likelihood

DETECT & RESPOND

  • Ransomware playbook tailored to your environment and your team

  • Clear roles and responsibilities, including who decides what during an incident

  • Guidance on integrating existing monitoring, EDR or XDR tools into a simple response flow

  • Practical steps for tabletop exercises, so the first time you run the playbook is not during a live incident

HARDEN & CONTAIN

  • Hardening recommendations for identity, admin access and privileged accounts

  • Review of backup strategy, retention and isolation, including restore testing

  • Email and endpoint policy tuning to reduce the chance of initial compromise

  • Network and SaaS hygiene recommendations to limit blast radius

RECOVER & LEARN

  • Recovery strategy to bring back critical services in the right order

  • Guidance on safe restore, including how to avoid reintroducing malware

  • Data exfiltration assessment and support for regulatory and customer communications

  • Post incident review approach, so each event leads to measurable improvement

THE PERITUS APPROACH

What you get

Typical engagement outcomes include:

  • A focused ransomware readiness report

  • A prioritised action plan, grouped into “quick wins”, “next steps” and “strategic improvements”

  • A practical incident response playbook that your team can actually follow

  • Clear view of your backup and recovery posture and how resilient it really is

  • A short executive summary for senior leadership and the board

We can deliver this as a one off engagement or as part of ongoing security support.

How we work with your existing stack

Peritus is a specialist security partner, not a single vendor shop. We:

  • Start with your current tools and licences

  • Tune and integrate what you already own before recommending anything new

  • Make technology recommendations in plain language, with clear trade offs and costs

  • Help you compare options where change is justified, without pushing a single preferred product

If you already work with managed service providers or have an internal security team, we integrate with them rather than replacing them.

Who this is for

This service is designed for:

  • Organisations that would struggle to run a ransomware incident end to end today

  • IT and security teams who know there are gaps, but need an external view and a clear plan

  • Leadership who want to be confident that, if an attack happens, there is a playbook and a partner in place

Typical size: from a few hundred users up to mid enterprise.

What happens first

  1. Intro call
    We understand your environment, regulatory drivers and recent incidents or near misses.

  2. Discovery and review
    Workshops with IT, security and key business owners, plus a review of existing documentation and configurations.

  3. Findings and roadmap
    We present a concise summary of your ransomware exposure, plus practical next steps.

  4. Support to execute
    If you want help, we can stay involved to implement changes, test recovery and run exercises.

Frequently asked questions

  • No. The service is built to work with your current stack. We may recommend changes or additions, however the starting point is always to get the most value from what you already have.

  • Yes. We can provide incident support, subject to availability and engagement terms. Having this service in place beforehand means we already know your environment and can move faster.

  • Both. We look at technical controls, however we also map business impact, decision making and communications. Ransomware is as much about process and people as it is about tooling.

  • Yes. Many ransomware controls overlap with these frameworks. We can align recommendations with the standards that matter to you.

Ready to talk about ransomware readiness?

If you would like to embed this service into your wider security strategy, or you simply want an honest view of how exposed you are today, we can help.

Book a 20-minute Ransomware Readiness Call with our security team.