Ransomware-Playbook.md

layout	title	type	track	technology	related-to	status	when-day	when-time	location	organizers	participants	outcomes
blocks/working-session	Ransomware Playbook	workshop	Security Playbooks			need-working materials	Fri	PM-2	Room-5	Anders Reeves		not-found

Why

Given the scale of the Ransomware market ($209 million paid in 2016), the scale of its operations (50% of organisations have responded to a Ransomware campaign), and increased use of technology in the form of exploits used to propagate attacks, it is a matter of time before a security team must deal with a Ransomware incident.

When that happens, it is imperative that clean workflows (aka playbooks) exist, so that the team can respond in a consistent, focused, and repeatable way. This Working Session will create a Ransomware Playbook for use by security teams.

What

• Create Ransomware Playbook

Outcomes

• Ransomware Playbook

Who

The target audience for this Working Session is:

• Security teams

References

• OWASP Anti-Ransomware Guide Project
• NHS cyber-attack: GPs and hospitals hit by ransomware (BBC news)
• Ransomware is Here: Fundamentals Everyone Needs to Know (presentation)
• What the Kidnapping & Ransom Economy Teaches Us About Ransomware (presentation)
• Existing Ransomwere playbooks
  • Windows Defender Advanced Threat Protection - Ransomware response playbook
  • 2016_Cyber_Security_Playbook
  • Playbook for Handling Ransomware Infections
  • The five Step Ransomware Defense Playbook
  • playbook-ransomware.yml

---

Working materials

• Draft Ransomware Playbook

(please add as much information as possible before the sessions)