Ransomware has evolved into one of the most severe cyberthreats against private and public sectors alike. Organizations are inundated with a barrage of intrusion attempts that ultimately morph into full-scale ransomware attacks. Efforts to combat these threats tend to focus primarily on detection and prevention, and while thwarting an attack is always the best approach, we must also improve our response and recovery efforts with a post-breach mindset. Assume that the defenses have failed and the risk has materialized. Are we then prepared to best salvage the situation with efficient, ransomware-specific incident response procedures? In this work, we present a ransomware response framework that can be leveraged to create highly effective ransomware response strategies. The level of detail in this framework balances adaptability against actionability, so that both technical and executive stakeholders will find it useful.