Framework for a Comprehensive Ransomware Recovery Plan

Learn how to lay out a framework for a comprehensive ransomware recovery plan. You’ll find best practices in areas including preparation, staffing, stakeholder notification, containing the attack, data recovery, remediation, and learning from experience. You’ll see how to prepare for an attack, detect it, analyze it, recover your data, and remediate vulnerabilities.

Main points:

• A common misconception about ransomware is that “we are protected because we back up all of our data.”
• The first step in developing a ransomware recovery plan is to assemble a ransomware planning and recovery team that will create the plan and coordinate the response.
• Recovery from a sophisticated ransomware attack can take several days. Not all applications can be restarted at once. It is therefore very important to perform a business impact assessment.
• When a ransomware attack strikes, it’s too late to improve your backup processes or buy and learn new tools to deal with the crisis. For the most part, you must work with the resources you have in place.
• The final, crucial step in the preparation process is to create a playbook for the team and support groups. The playbook describes the steps that need to be taken under a variety of circumstances and who is responsible for performing them.