StarLeaf Standby

“A unique and powerful tool for organisations hit by ransomware”
– cyber resilience consultant to Fortune 100 organisations

Read our cyber resilience blog

Ransomware – a growing industry

Cyber attacks are at an all-time high, with a key driver being the proliferation of ransomware businesses over the past 24 months. With Ransomware-as-a-Service (RaaS) groups now offering sophisticated attack kits for trivial amounts of money, it is now possible for a broad range of malicious actors to mount devastating attacks on their victims. Given the huge sums of money available to successful attackers, and the low risk of being caught, it is unsurprising that this “industry” is growing and attracting top talent.

Cyber crises are inevitable

While all organisations should follow best practice when selecting and implementing their cybersecurity measures, you only need to look in the headlines to see that even the strongest defences, at organisations with the highest levels of cyber security funding, will occasionally fail. Imagine a total IT failure, while at the same time criminals, backed by some of the smartest hackers in the world, have access to your most confidential information and are trying to extort money from you, or worse. How will you communicate? How will you maintain critical business activities? How will you respond and recover?

Embrace the breach

Resilient organisations are balancing their focus between preventing cyber crises and preparing for them. StarLeaf Standby is a suite of tools that can assist in these preparations, and support your business in the minutes, days, and weeks following the start of a cyber crisis.

Watch our webinar

Explore how StarLeaf Standby can help your organisation be cyber resilient with our example ransomware cyber crisis timeline.


  1. Work with us and our partners to optimally configure StarLeaf Standby for a range of cyber crises. Use our incident simulation facility to assist with live-fire exercises to ensure that your colleagues are ready to respond and be resilient when facing a breach.

First 24 hours

  1. Once the breach has been identified, you cannot rely on the confidentiality, integrity, or availability of your primary communications platforms. Your attackers seek to gain information that will help advance their attack and maximise the chance of its success, both technically and psychologically.
  2. Leverage our independent, multi-tenant, and cross-organisational collaboration platform for secure incident response. Operationally air-gapped from your primary IT systems, it is hardened to operate in a complete IT failure and can be configured to have zero dependencies on your corporate network, devices, or primary services. Securely connect your incident response teams, crisis management teams, executive team members, third party providers, legal counsel, and all other parties required to mount a confident, swift, and effective response.
  3. With the confidentiality, integrity, and availability of your primary systems, networks, devices, and address book not guaranteed, you need a way to communicate with your employees.
  4. StarLeaf Standby provides timelapse snapshots of Active Directory on our independent platform to ensure that you always have access to the contacts you need. And with built-in SMS broadcast functionality, you can quickly let everyone know what’s happening.

24 to 72 hours

  1. With the primary response to the cyber crisis being supported by StarLeaf Standby, attention can now turn to establishing a minimum viable level of business operations.
  2. The Active Directory integrity for core operating team members is manually established, and their collaboration environments are failed over from Microsoft Teams, Webex, and Zoom to StarLeaf Standby. These teams begin to construct the workarounds required for their teams to re-establish business-critical activities.
  3. Colleagues were notified of the situation via SMS broadcast in the first 24 hours. All employees are now invited, by SMS, to join a CEO video address. A single click allows them to join this meeting on the StarLeaf platform, where their CEO provides reassurance and answers questions through a Q&A facility.

72 hours to 1 week

  1. With incident response, crisis management, and crisis communications activities still being supported by StarLeaf Standby, the digital forensics team have now established the date at which the breach took place. Armed with this information, a collaboration environment snapshot from before the breach date is used to fail over collaboration environments from Microsoft Teams, Webex, and Zoom, for all employees. They can now access their ongoing meetings and other collaboration activities through the independent StarLeaf platform.
  2. The core operating teams use this rich collaboration environment to begin implementation of the workarounds they constructed in the first days of the crisis, allowing the organisation to resume its critical activities.

1 week plus

  1. The disinfection and restoration of primary IT systems takes several weeks, with StarLeaf Standby supporting incident response, crisis management, and crisis communication activities, along with allowing the organisation to exceed a minimum viable level of business operations, minimising the impact of this ransomware attack.