Ransomware continues to rapidly evolve and is designed to encrypt files on a system or endpoint, rendering that data unusable. Threat actors then demand a ransom in exchange for the decryption mechanism. These criminals have threatened to sell or leak data that has been exfiltrated unless the ransom is paid, and sometimes will do this anyway once the ransom is paid. While tactics continue to evolve, there are some basic, intermediate, and advanced activities those organizations can implement to prepare themselves for the ransomware incident.
This process that you have undertaken to gather data points about where your organization stands with respect to this evolving threat is a great step along the path of cybersecurity posture maturity. The intention behind collecting the data points in the following questions is to boil-down complexities of ransomware preparedness into actionable information suitable for executive-level sponsorship of your organization’s cyber risk mitigation strategies. In short, for this process to be successful, the better the inputs, the better the outputs.