Stop Kill-Chain Ransomware
Stop ransomware moving, spreading or reaching the crown jewels.
Stop ransomware moving, spreading or reaching the crown jewels.
Lateral movement prevention across IT and OT
Financial services, Healthcare, Public sector, Defence
How CP-01 stops the kill chain.
A FIRE-led pattern. The path between any compromised zone and the crown jewels is severed by default, opened only as a named event, and severed again on alert.
Grounded in MITRE ATT&CK TA0008, IEC 62443-3-3 SR 5.1 and NCSC ransomware guidance.
User and endpoint zone
Where the
Where the foothold typically lands
Named, scoped reach into core services
Core IT services
Identity, file,
Identity, file, mail, collaboration
Severed by default. Restored only as an approved Execute event.
Crown-jewel systems
Database, ERP,
Database, ERP, core record systems
Crown jewels · detail callout
Offline recovery vault
Tamper-evident copies, not reachable on the live network. The ransomware cannot touch them.
Modules & symbols
Modules in this Blueprint
How the CP-01 pattern composes.
Firebreak physically breaks the connection path. Isolate separates the affected environment. Execute triggers the control action the moment risk is detected. Unlink removes the persistent dependencies and Lock holds the crown jewels behind identity controls that ransomware cannot reach.
Related Blueprints
Compose alongside.
Contain Active Breaches
When prevention fails, containment must be physical, immediate and provable.
View BlueprintEnforce Physical Segmentation
Segmentation should not just be logical. It should be physically enforceable.
View BlueprintControl Third-Party Access
Give third parties access without giving them a permanent doorway.
View Blueprint
Build control around your environment
Talk to our team about composing this Blueprint for your estate.
Takes about 2 minutes. No account needed.