This exercise is designed to help technical and administrative staff or faculty prepare for a ransomware attack and understand their roles and actions if there was a real event. The exercise is expected to be at a higher level and not go down to detailed technical actions, but the outcome of the exercise may lead to documenting those specific activities.

Before starting, select people from your unit to take part in this table top exercise who would be present if you suffered a ransomware event.

Expected Outcome: This exercise will either validate a current incident response plan in relation to a ransomware attack or lead to creating a plan based on any gaps identified. Note: There are two variations of the scenario at the end of the document that can be used to practice further and improve your response.