CIOPages

Ransomware Preparedness Checklist

Verify readiness to prevent, detect, and respond to ransomware attacks.


Critical items (marked ★) carry higher weight. Focus on Prevention & Hardening and Backup & Recovery first; these have the highest impact on ransomware resilience.

Prevention & Hardening

Reduce the attack surface and prevent initial compromise.

1.1 Multi-factor authentication (MFA) is enforced on all remote access, privileged accounts, and email systems. ★ Critical
1.2 Endpoint detection and response (EDR) is deployed on all endpoints, including servers. ★ Critical
1.3 Network segmentation isolates critical systems (e.g., backups, AD, OT) from general user networks.
1.4 Email filtering with attachment sandboxing and URL rewriting is in place.
1.5 Vulnerability management programme patches critical vulnerabilities within 72 hours of disclosure.

Detection & Response

Detect ransomware activity early and respond before encryption spreads.

2.1 A 24/7 security monitoring capability (internal SOC or managed detection and response) is operational. ★ Critical
2.2 Ransomware-specific detection rules are deployed (e.g., mass file renames, shadow copy deletion, known ransomware IOCs).
2.3 An incident response plan specific to ransomware has been documented and tested within the past 12 months. ★ Critical
2.4 Network isolation procedures can quarantine affected segments within 30 minutes.
2.5 Threat intelligence feeds are integrated into detection tools to identify emerging ransomware variants.

Backup & Recovery

Ensure data and systems can be restored without paying a ransom.

3.1 Immutable or air-gapped backups exist for all critical systems and data. ★ Critical
3.2 Backup restoration has been tested end-to-end within the past 90 days, with documented recovery times.
3.3 Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) are defined and achievable for Tier 1 systems.
3.4 Backup credentials are separate from production Active Directory and stored in a break-glass process.
3.5 A clean-room recovery environment is available to rebuild systems without reintroducing malware.

Organisational Readiness

Prepare leadership, legal, and communications for a ransomware event.

4.1 Executive leadership and the Board have participated in a ransomware tabletop exercise within the past year.
4.2 A pre-negotiated retainer with an incident response firm is in place.
4.3 Legal counsel has provided guidance on ransom payment policy, regulatory reporting, and law enforcement engagement.
4.4 Crisis communication templates are prepared for customers, employees, regulators, and media.
4.5 Cyber insurance policy covers ransomware, business interruption, and incident response costs, and has been reviewed within the past year.

Post-Incident

Learn from incidents and continuously improve ransomware defences.

5.1 A formal post-incident review process is defined that captures root cause, timeline, and remediation actions.
5.2 Lessons learned from exercises and real incidents are tracked to closure in a remediation backlog.
5.3 Threat modelling is updated after each incident or major threat intelligence update.
5.4 Ransomware readiness metrics are reported to the Board at least quarterly.
5.5 Third-party penetration testing includes ransomware simulation (e.g., assumed breach, lateral movement testing).