How would ransomware affect you?

  • Estimate the business impact of a major cyber event in your network and test your readiness.

Compromised Hosts


% of total 34%

Compromised Users


% of Total 27%

Encryptable Data

8.9 TB

% of Total 13%
fortynorth logo
For Analysts and Executives

Ransomware Readiness Software

Quantify the risk posed to your business by ransomware, verify your existing security controls, and identify remediation opportunities.

Safety First

Riskatto is a controlled simulation

Riskatto cannot encrypt files.

Riskatto does not contain the code to encrypt files. Our goal is to enumerate the magnitude of a potential event, not cause one.

Written by Security Engineers

Riskatto was created by seasoned security engineers with a reputation of integrity and open-source publications in the offensive security community.

Safe Defaults

Our code conducts multiple checks to ensure it's authorized to run. Users can cancel a scan at any time and all Riskatto agentless clients will exit.

Riskatto Configuration

Key the data collector to your environment.

Quantify Business Impact

Riskatto simulates networked ransomware

Gain a snapshot of your security posture and quantify the following measures:

  • Encryptable Files
  • Exfiltratable PII
  • Compromisable Users
  • Compromisable Hosts
  • Compromisable Shares
  • Attack Velocity
  • Attack Path
  • Vulnerable Backups

Scan Remediation Guidance

Overly Permissive Network Share(s)

During scanning, Riskatto determined that the network share (SHARE-1) allowed all domain users to access (and write to) every single file. This totaled 7.5 TB of data. Ransomware would quickly encrypt all files on this drive and prevent your organization from accessing them. To reduce your attack surface, Riskatto recommends manually reviewing each folder (and ideally file) to determine which users need access. Apply the principle of least privilege.

Local Administrator Password Re-Use

Remediation Guidance Under Development

Identify Quick Wins to Strengthen Security

Riskatto analyzes the attack path and suggests configuration changes to disrupt attackers.

  • Block Lateral Movement Pathways
  • Restrict Over-Permissioned User Accounts
  • Lock Down Network Shares
  • Identify Network Segmentation Opportunities
Analyze and Model

Actionable Information

Organizations often lack sufficient data to quantify the potential business impact of a ransomware event in their network. Business leaders need hard numbers to make more informed decisions to enhance their security posture.

Visualize Ransomware Spreading in your Network

Determine how ransomware could spread in your network and identify opportunities to remediate insufficient security controls. Dissect which user accounts, hosts and lateral movement vectors enabled compromise.

Measure the Attack Velocity

Identify how quickly ransomware would spread to understand how quickly your SOC would need to respond to prevent a critical incident.

Quantify your Data at Risk

Riskatto tracks the the files (including their paths and size) that ransomware could encrypt in your network. Riskatto v2.0 will identify the amount of encrytable/exfiltratable data that likely contains PII, which could trigger mandatory reporting requirements.

Identify Compromised Users, Hosts and Shares

Track the user accounts, hosts and shares that were leveraged by the simulator to spread throughout your network. Take actions to limit accounts, hosts and shares with excess privileges and adjust permissions levels to adhere to the principle of least privilege.

Estimate the Incident Cost

Under Development

Riskatto provides an estimated cost to remediate the ransomware event simulated in the scan. Our models take into account firm demographic information, mandatory reporting requirements, seasonality as well as the overall business impact generated by the simulation.

Estimate the Ransom Payment

Under Development

In the event you were opt to pay a ransom, how much would that cost in an actual cyber security incident? Riskatto combines industry data with the unique attack surface area mapped in your environment to model an estimated payout price in Bitcoin and USD.

More to Come

We're constantly coming up with new ways to slice and dice the data Riskatto collects. We're also happy to work with our Yearly Plan clients to build custom data analytics models to target specific metrics important to your organization. Let us know what's important to you and if we can build it, we will!


Riskatto is ransomware readiness software (SaaS). It's designed to be used as a self-service platform; however, for yearly license clients we provide a dedicated ransomware analyst to help your team interpret the results.
We recommend running Riskatto in your production Active Directory environment. Riskatto only runs on Windows machines (for now). Riskatto is NOT designed to run on an Operational Technology (OT) network.
Unlike other products (such as Breach and Attack Simulation tools), Riskatto is designed to help organizations understand the business and IT infrastructure impact due to a significant malware event (such as ransomware). Riskatto was not designed to evade your defensive controls. We won't tell you if you can "catch" a particular TTP, but rather provide you with a readiness assessment of a significant malware event occuring in your network. Additionally, we provide guidance on security controls to reduce your attack surface and lessen the impact.
Riskatto is software that helps organizations estimate the risk to their bottom line and IT infrastructure if ransomware were to attack their network.  
This all started from our red team and pen test clients asking us "how bad would it be if ransomware got in our network?". We heard this question from the c-suite; they wanted to know how much insurance to purchase, how many new security headcount to add to the budget, etc. Similarly, front line managers wanted to know the potential impact from a ransomware event to enumerate the impacted systems, predict downtime, identify preventative controls, etc.  
So, we built Riskatto to help the c-suite quantify business risks and to help infosec teams assess their readiness to respond to a ransomware event in their network.

We're sure you have questions. Please don't hesitate to email or call us. We're happy to talk high-level or get into the technical weeds.