In this chapter, we discuss how to create a detailed ransomware response plan, including why do it at all, when to do it, and what it should include. Many of the items summarized here will be covered in more detail in the later chapters.

Why Do Response Planning?

Why should any organization create a ransomware response plan? In one short sentence: to save time and money. Since at least 2020, well over a third to over a half of all surveyed organizations have been successfully exploited by ransomware in a given year. This means the likelihood of any organization being successfully attacked in a given year by ransomware is pretty high. Somewhere around half of organizations recognize the initial ransomware attack before it has been able to encrypt all the targeted data, although some organizations still end up paying because of the data exfiltration threats.

Organizations that aggressively and specifically prepare for ransomware attacks have a better chance of preventing ransomware, have a better chance of more quickly recognizing ransomware, and may be able to recover far more quickly and at lower cost than those organizations that do not. Creating and practicing a ransomware plan likely means faster detection, faster response times, lower damage costs, faster back to operation times, and less legal liability.

When Should a Response Plan Be Made?

When should you make a ransomware response plan? Now, before ransomware has successfully exploited ...