Skip to main content
Strategic Advisory

Ransomware Response

When encryption hits, who decides what?

Walk through a ransomware attack scenario from initial detection through recovery and post-incident activities.

Request a Quote Learn More

Overview

Ransomware attacks force rapid, high-stakes decisions—isolate systems and lose productivity, pay ransom and fund criminals, recover from backups that may not exist. Ransomware Response exercises walk your team through a realistic attack scenario, testing detection capabilities, containment decisions, recovery procedures, and the cross-functional coordination that real incidents demand.

Common Questions

Should we practice actually paying ransom?

We discuss the decision-making process—who has authority, what factors to consider, how to acquire cryptocurrency if needed. Whether your organization would pay is a policy decision; we test that the decision can be made quickly when needed.

What if we've never had a ransomware attack?

That's exactly why you should practice. The exercise reveals gaps you'd discover during a real attack—gaps that are much cheaper to fix now than during an actual incident.

Do you include technical recovery steps?

We focus on decisions and coordination, not technical procedures. We'll discuss recovery at a strategic level—prioritization, timeline, verification—but detailed technical recovery is typically handled separately.

How do you handle the ransom negotiation aspect?

We include negotiation as a scenario element—attackers responding, deadlines changing, proof of decryption offered. This tests how your team handles adversary communication, whether you'd engage directly or through intermediaries.

Other Tabletop Exercises Options

Data Breach Response

Practice responding to unauthorized data access, including notification requirements and regulatory response.

Learn more

Insider Threat Scenario

Test response to malicious or negligent insider actions, including investigation and containment.

Learn more

Business Email Compromise

Respond to executive impersonation and payment fraud scenarios targeting finance teams.

Learn more

Supply Chain Attack

Practice responding when a trusted vendor or software is compromised, affecting your environment.

Learn more
Back to Tabletop Exercises Get a Quote

Ready to Strengthen Your Defenses?

Schedule a free consultation with our security experts to discuss your organization's needs.

Schedule Consultation Call Us

Or call us directly at (445) 273-2873