This plan is intended to prepare for and support incident response. Also known as a playbook, this plan serves organisations that have been, or think they may be, affected by a ransomware attack. It is important to stress that good preparation is essential for an effective incident response. Ransomware can be a serious threat to (ICT) services for an organisation with a long-term and costly impact. In the light of such a potentially serious incident, it is good not to have to think about what to do from scratch, but to have an initial outline to work from.
This document is organised according to the steps described in the SANS incident response cycle1. If it is used to increase resilience to a ransomware incident, the first phase will be particularly important.
It includes a wide range of aspects that will not suit all organisations equally. First of all, these are basic measures that can be used in recovery operations. In addition, there are more advanced measures
to limit the impact of an attack or to detect an attack early. Due to the diverse nature of the measures, their implementation will also vary greatly. Existing measures can sometimes be tightened up to
make them more effective. In other cases, the introduction involves an entire project, including appropriate processes and procedures.
Views: 3
