The paper is a practical and short guide about urgent actions to take when your organisation is victim of a ransomware attack. The response starts with assessing the extent of the attack. Once you know what data were on the encrypted machines and have been exfiltrated, you can build your response.

Some other interesting points include:

  • Don’t turn off the infected devices or shut down the systems, but isolate them as much as possible. Having a running system might help when conducting detailed (forensic) analysis.
  • Assume that your business communication tools have been compromised, so communicate about your response through a separate and secure channel.
  • Set-up a crisis management team.

The security task force members unanimously expressed their wish that this paper highlight the need to take action now, before an attack happens. So, define your crisis team and cyber incident response plan beforehand, including the steps. Maybe even contract with a cyber incident response firm.

Also set up your communication plan: it is nearly impossible to do this once the cyber security incident has occurred.