Ransomware Resilience
Ransomware Containment Playbooks for IT Teams
Draft containment steps, evidence preservation, and recovery sequencing that legal and communications teams can endorse.
780,000 KRW · 22 hours · Instructor-led crisis labs
Program description
Teams rotate through containment simulations, log hygiene drills, and decision trees for isolating identity systems without bricking productivity. The course stresses honest timelines over heroic promises.
What is included
- Containment decision tree with identity isolation branch
- Evidence bag checklist for forensics partners
- Comms cadence template for internal and external updates
- Backup integrity verification before any restore attempt
- Tabletop kit for partial encryption scenarios
- Runbook for safe DNS and DHCP cutovers
- Lessons log for post-incident retrospectives
Outcomes you can evidence
- Publish a containment playbook with named approvers per branch.
- Complete an evidence preservation walkthrough without breaking chain of custody guidance.
- List two backup integrity checks your team will not skip under pressure.
Mentor
Rina Cho
Certification advisor with incident response partnership experience.
FAQ
Is this legal advice?
No. Counsel must review any public statements or regulatory filings.
Will we decrypt files?
No. Labs focus on containment and recovery sequencing, not cryptographic attacks.
Coverage limits?
OT and medical device networks are referenced only briefly; deep ICS content is not included.
Participant notes
Evidence checklist saved us two hours on a dry run. ★★★★☆ because comms template needed localization tweaks.