Ransomware Checkup: Do You Know Your Ransomware Risk?

The threat posed byransomwarecontinues to grow every year. It is not only large corporations that are targeted by attacks, but increasingly also public institutions and small and medium-sized enterprises, which often have inadequate security measures in place. Attackers specifically seek out vulnerabilities and not only encrypt production data but also frequently threaten to publish confidential information.Axsos’ITQ Ransomware Checkup v3addresses this threat landscape: It assesses specific requirements, evaluates theransomware risk, and provides clearrecommendations for action to measurably improve your company’s security.

What is the ITQ Ransomware Checkup v3?

TheITQ Ransomware Checkup v3is a certifiedaudit procedure developed based on recommendations from the BSI, cyber insurers, state data protection authorities, and IT specialists. Theauditcomprises89 audit questionsdivided into five audit groups and delivers a high-quality, approximately 30-page final report featuring a graphical representation of the level of compliance, a detailed risk assessment, and prioritizedrecommendations for action. The audit methods include documentation review, activity analysis, measurement data analysis, on-site inspections, interviews, and document review.

Exam Questions in 5 Exam Groups
0
Pages of a high-quality final report
0
various risk classifications
0
Special price instead of 1,999 EUR
0

The Five Test Groups of the Ransomware Checkup

The largest audit group covers remote access, administrator accounts, data storage locations, email security on servers and clients, client security, software updates, antivirus protection, and firewall configuration. Of particular concern: inadequate patch management, the lack of multi-factor authentication, and insufficient email protection significantly increase therisk of ransomware.

A comprehensiveauditof the data backup strategy and backup processes. The audit examines backup intervals, responsibilities, recovery tests, and the physical separation of backups from the internal network. Attackers often encrypt not only production data but also backups. An external, network-independent data backup is therefore essential.

Nearly one in two security incidents is caused by human error. TheRansomware Checkupverifies whether user policies are in place, training sessions are held regularly, and new employees receive training as part of the onboarding process. Topics include: secure email practices, social engineering threats, and safe web browsing.

The review covers control measures such as brute-force detection and asset inventory, hardening measures through regular vulnerability scans, and logging policies with a central log server. A comprehensive security management system requires clearly defined responsibilities and regular reviews of security measures.
 

Without effective emergency management, aransomware attackcan threaten a company’s very existence. Theauditverifies whether an emergency notification plan is in place that includes forensic experts, IT support staff, cybersecurity authorities, and cyber insurance providers, and whether an emergency communication platform is available that continues to function even if internal systems fail.

What You'll Get from the Ransomware Checkup

TheITQ Ransomware Checkup v3does not provide an abstract assessment, but rather a practical roadmap. Allrecommended actionsare color-coded according toransomware risk: high-risk issues are marked in red, medium-risk issues in orange, and low-risk issues in gray. This way, you know immediately where action is needed.

01

Test Report

High-Quality Final Report

Approximately 30 pages with graphical representations of the compliance rate for each audit group, a detailed risk assessment, and a complete overview of the current status of all audited areas.

02

Measures

Up to 89 recommendations—

All recommended measures are color-coded according to risk level and organized into an initial implementation plan. In addition, a DSV file containing appropriate measures is generated.

03

Risk Assessment


: An Objective Risk Assessment

The risk matrix calculates risk scores based on probability of occurrence and severity of loss. The overall result provides clear guidance for the strategic allocation of the IT budget.

04

Proof

Limitation of Liability & Duty of Care

The Ransomware Checkup documents that a process to improve the level of protection has been initiated. This provides verifiable evidence for insurance companies and government agencies.

Well-Protected Against Ransomware: The Next Step

Information security is not a one-time project, but an ongoing process. TheITQ Ransomware Checkup v3provides the foundation for launching this process in a structured manner: with a clear picture ofyour currentransomware risk, prioritizedrecommendations for action, and verifiable proof of your due diligence. Upon request,Axsos will support you in implementing all recommended measures, from technical safeguards and employee training to emergency management.

Scroll up

Jamil Isayyed

Jamil is an experienced digital process professional, has a rich international background in the information technology and services industry spanning Germany, Greece and Palestine. He holds a Bachelor's degree in Computer Science and a Scrum Master certification from the Scrum Alliance with a focus on Computer Software Engineering. Jamil is passionate about leading and building high-performance teams that deliver exceptional experiences and create valuable opportunities for clients. In addition to his main role, he is the Director of Axsos Academy GmbH. In this role, he leads a dynamic German-Palestinian bootcamp designed to help young people enter the IT market and build a successful career.

Bernd Length

Bernd Länge has been working in the IT industry for over 20 years and advises clients and interested parties on cyber security issues as well as on the development and implementation of information security management and data protection. In this role, he acts as an external data protection and information security officer for clients. It is important to him to take a pragmatic approach and work closely with clients, partners and vendors to ensure that clients' enterprise security is up to date.

Martin Müller

As a technology enthusiast and committed leader, he has been helping companies in the IT sector to shape the future of work for over 20 years. Thanks to his quick thinking and ability to develop effective solutions, he is able to formulate a clear vision of what our future way of working will look like. Step by step, he overcomes challenges and drives us forward into the future. However, he does not accomplish these tasks alone. He has a competent team that he trusts completely and can rely on. Together they overcome every hurdle! Through positive, critical thinking, the second-best solution often leads to incremental success - after all, even an empire wasn't built in a day. This approach makes him unique in his role and he looks forward to working with you on the path to the future.

Rolf Stephan

His enthusiasm for information technology led Rolf to study computer science and graduate from the University of Karlsruhe, now the KIT / Karlsruhe Institute of Technology. Rolf has been working in the IT sector ever since and knows the industry inside out - both nationally and internationally. For more than 25 years, he has focused on international cooperation between experts across all cultures. He also pursued this approach in the first company he founded, AD Solutions AG, which quickly developed into a renowned international IT service provider with several branches in Germany, Switzerland, Austria and the USA. Rolf Stephan has been General Manager since 2010 and CEO of AXON IVY AG, headquartered in Switzerland, since 2021. He has been an investor, shareholder and Chairman of the Supervisory Board of Axsos AG since 2009.

Frank Müller

Frank is a passionate IT expert and visionary entrepreneur. He loves and believes in peace and freedom. For him, these values are more than just words. They are the result of great awareness, responsibility and a solid foundation. His foundation is his faith in Jesus and his unconditional love for people. Frank builds his great visions on this foundation, such as his commitment to peace in the Holy Land. He is not afraid to realize creative and unconventional ideas, such as founding a medium-sized company that spans four countries and cultures and offers its employees a great deal of freedom. Founding a bootcamp academy in the midst of the coronavirus pandemic is certainly one of these ventures. Through these efforts, Frank creates new innovations and added value for his customers and the people who travel with him. With more than 32 years of IT experience and 15 years as an entrepreneur, Frank helps other entrepreneurs focus on their core business and translate their needs into technology opportunities and implementations. His team and he can translate these requirements into a customized IT strategy, processes and technologies. Frank always has a heart for the people he supports and wants to encourage them to break new ground and develop their potential. Frank is open to exchanging ideas with people who see values not as CSR or marketing chatter, but as the basis of their actions. He seeks contact with people who want to change the world for the better. He also welcomes those who are looking for support from him or his team on their journey into the cloud, digitalization or the use of AI.