
Ransomware on ERP Software Suite

Top event: Ransomware deployed on the ERP software suite

Analysis of attack paths that could result in ransomware encrypting the ERP system and the operational, data, and supply-chain consequences that follow.

Bow-Tie Diagram

Hazard

Corporate IT Infrastructure

Internal networks, servers, endpoints, and business applications (including ERP) that support core business operations

Threats (causes)

Phishing Attack on ERP Users

Targeted phishing email tricks an ERP user into revealing credentials or executing a malicious attachment

Category: Social Engineering

Prevention barriers

MFA on ERP Access (Not evaluated)

Enforce multi-factor authentication for all ERP user and administrator accounts, including service accounts

Network Segmentation of ERP Environment (Not evaluated)

ERP servers isolated in a dedicated VLAN with strict firewall rules; no direct internet exposure

Exploitation of Unpatched ERP Vulnerability

Attacker exploits a known, unpatched CVE in the ERP application or its underlying middleware to gain remote code execution

Category: Software Vulnerability

Prevention barriers

ERP Patch Management (Not evaluated)

Monthly vulnerability scanning and patch cycle for the ERP application, OS, and middleware components

Network Segmentation of ERP Environment (Not evaluated)

ERP servers isolated in a dedicated VLAN with strict firewall rules; no direct internet exposure

Compromised Privileged ERP Account

Admin or service account credentials for the ERP system are stolen via credential stuffing or password spray and used to deploy ransomware

Category: Credential Theft

Prevention barriers

MFA on ERP Access (Not evaluated)

Enforce multi-factor authentication for all ERP user and administrator accounts, including service accounts

Consequences (effects)

ERP System Unavailability

Core business processes (finance, procurement, logistics) are halted while encrypted ERP servers are restored

Category: Operational Impact

Mitigation barriers

Immutable Offline ERP Backups (Not evaluated)

Daily encrypted ERP backups written to offline or air-gapped storage; restoration tested quarterly

Ransomware Incident Response Plan (Not evaluated)

Documented playbook for ERP ransomware: isolation steps, stakeholder communication, and phased recovery sequence

Business Continuity Procedures (71% effective)

Manual fallback procedures for critical financial and procurement processes to sustain operations during an ERP outage

Implementation: We also have all our administrative records on paper in ring binders.

Evaluated 2026-04-10…

Loss or Corruption of Business Data

Financial records, inventory data, and transactional history are encrypted or destroyed, threatening data integrity

Category: Data Impact

Mitigation barriers

Immutable Offline ERP Backups (Not evaluated)

Daily encrypted ERP backups written to offline or air-gapped storage; restoration tested quarterly

Ransomware Incident Response Plan (Not evaluated)

Documented playbook for ERP ransomware: isolation steps, stakeholder communication, and phased recovery sequence

Supply Chain Disruption

Inability to process purchase orders, goods receipts, or invoices causes supplier and customer delivery failures

Category: Business Impact

Mitigation barriers

Business Continuity Procedures (71% effective)

Manual fallback procedures for critical financial and procurement processes to sustain operations during an ERP outage

Implementation: We also have all our administrative records on paper in ring binders.

Evaluated 2026-04-10…

Ransomware Incident Response Plan (Not evaluated)

Documented playbook for ERP ransomware: isolation steps, stakeholder communication, and phased recovery sequence
