Recently I spoke with Ryan Chapman of the SANS Institute, author of the upcoming SANS course FOR528: Ransomware for Incident Responders, on how to better prepare for ransomware. That preparation comes in two forms: planning how you would respond to a successful ransomware attack and overcoming barriers to hardening your network against them.

Planning for a ransomware attack

Ransomware recovery should be nothing more than restoring a backup, but the reality is that you often have no idea what is needed to restore until faced with the restoration process. A SANS roundtable recently discussed whether to pay a ransom. In a perfect world we would not pay the attackers.