Executive summary
In the Rogers Cybersecure Catalyst Cyber Range I ran a high-fidelity incident-response simulation of a Black Basta double-extortion ransomware attack on a financial institution — validating IoCs, producing real-time SITREP reports, quantifying vendor exposure, and delivering CISO-level briefings under simulated crisis conditions.
The problem
- A financial institution faced a Black Basta double-extortion ransomware scenario.
- IoCs had to be identified and validated in real time as threat intelligence emerged.
- Containment had to be balanced against business continuity under time pressure.
The solution
- Identified and validated IoCs across the double-extortion scenario.
- Produced real-time SITREP reports updating risk likelihood and impact.
- Quantified third-party vendor exposure and ranked remediation actions.
- Analyzed adversary TTPs including lateral movement and enterprise compromise.
- Delivered CISO-level briefings with risk narratives and cost–benefit analyses.
Technical architecture
How the system fits together: each layer below reflects the workflow used in the actual exercise.
- Detection: IoC identification & validation
- Assessment: Risk likelihood & impact scoring
- Analysis: Adversary TTP mapping
- Briefing: Executive decision support
Engineering challenges
Real-time risk updates
Continuously updating likelihood and impact as new threat intelligence emerged demanded disciplined SITREP cadence.
Vendor exposure under pressure
Quantifying third-party exposure and ranking remediation actions while balancing containment against business continuity.
Executive communication
Translating technical findings into CISO-level risk narratives and prioritized recommendations under crisis conditions.
Outcomes
- Double-extortion ransomware scenario in a financial institution worked end to end.
- Risk likelihood and impact continuously updated as intelligence emerged.
- Lateral movement and enterprise compromise analyzed.
- Cost–benefit analyses and prioritized recommendations delivered.