This playbook is provided by Information Technologies Services – Information Security (ITS-IS) as a framework and typical workflow for recovering from a ransomware attack.

Ransomware is a form of malware used to perpetrate a cryptoviral extortion attack. In the attack, the malware encrypts the victim’s files, making them inaccessible, and the attacker demands a ransom payment to decrypt them. Additionally, the attackers may exfiltrate the data before encrypting it and threaten to distribute it publicly if the ransom is not paid. There can be other slight variations on the attack, but these are the most prevalent.

In the context of this playbook, a ransomware attack is one in which one or more university-owned devices have been infected with malware that has encrypted files, and a ransom demand has been issued.