Ransomware Damage Estimator
Enter affected systems, backup status, personal data scope and response time. Estimate your likely operational, regulatory and reputational damage in seconds, within the NIST SP 800-61, USOM 3 hour and KVKK 72 hour notification obligations.
Describe your incident
Recommended urgent action order
- RIGHT NOW: Isolate affected machines from the network (turn off Wi-Fi, pull Ethernet).
- Plan a restore from an air-gapped clean backup. Confirm the backup access is not compromised too.
- The KVKK 72 hour clock has started. Determine scope and open the Board notification form.
- Forensics team: image with a write blocker, take a RAM dump (without powering off), build a hash chain.
- DSET IR retainer: start remote response within 1 hour via +90 536 662 38 09.
How the scoring works
This tool scores four dimensions of a ransomware incident: (1) Operational disruption (affected system count, business criticality), (2) Data loss (backup status, last backup date), (3) Regulatory obligation (KVKK personal data scope, USOM critical infrastructure notification), (4) Reputational and legal (affected customer count, legal exposure).
Where do these numbers come from?
- USOM 3 hours: Incident notification threshold for critical infrastructure operators. See USTKAB guide.
- KVKK 72 hours: Data breach notification obligation. See KVKK breach + KVKK compensation.
- NIST SP 800-61 IR phases: detailed in IR Playbook.
- First 24 hours are critical: Ransomware first 24 hours with an hour by hour action list.
- EDR and defense layers: EDR vs Antivirus with MITRE ATT&CK mapping.
The result is not an exact cost, it is a categorical estimate. Real IR cost varies with incident size, insurance coverage and the KVKK Board decision. This tool helps you classify your case and set your response priority.
If you have an active incident, call +90 536 662 38 09 now. The DSET IR retainer team operates 24/7. Email: [email protected].