To be sure, preparation is the key, and not being a victim is always better than being victimized by ransomware.
However, the best response strategies are in the following areas:
1. If you have a good understanding of your network and infrastructure, or if you are using a third-party managed service for this expertise, try to assess the damage as soon as possible. It is important to have the ability to understand the extent of the breach, perform root cause analysis, regain control of the environment, and identify potentially stolen data.
2. Understand where the data is, especially for the organization’s “crown jewels”. If they are properly segmented and have a good (clean) data backup repository, then the response to the attack is not a firedrill.
3. Make sure you have a robust incident response (IR) manual that specifically addresses ransomware and practices, practices, and practices down to the board level.
4. Make sure you have third-party expertise (other than lawyers, forensics, public relations, and communications experts) for your holders.
