Incident Response and Recovery
Containing, eradicating and restoring.
Have a Plan Before the Crisis
Incident response runs on preparation, not improvisation. A documented ransomware playbook, known roles, and rehearsed procedures turn chaos into a controlled process.
Response follows recognized phases: preparation, identification, containment, eradication, recovery, and lessons learned. This lesson walks through each in a ransomware context.
Activate the Response Team
Ransomware is a business crisis, not just an IT problem. The team spans multiple functions:
- Incident commander to coordinate and decide
- Security and IT for technical work
- Legal for breach obligations and sanctions risk
- Communications for internal and external messaging
- Leadership for business decisions
Use out-of-band communication (the attacker may be reading your email and chat).