Chapter 9: Environment Recovery
In this chapter, we discuss how to recover your IT environment from a ransomware attack. It is assumed that you have stopped and removed the ransomware threat and any other related malicious executables. This chapter dovetails with the material you learned in Chapter 8. You have either paid the ransom or not, and you have recovered what data you could either way. The ransomware program and attackers are no longer a threat. In this chapter, we will cover how to recover or rebuild your network and various popular platforms.
This chapter assumes your whole environment, or a large part of it, was impacted, and you're doing a full environment recovery. If the ransomware event had only a partial impact, you will want to modify your plan appropriately.
Big Decisions
There are still two major decisions to make, both of which were introduced in previous chapters, and they need to be made now in order to move forward. The two big decisions are whether to recover or rebuild and the order in which to proceed.
Recover vs. Rebuild
The first decision is whether to recover the involved devices, whether potentially involved or confirmed as compromised, or rebuild them from scratch. As covered previously, rebuilding from scratch ...