CC10 – Building a Ransomware Incident Response Plan

CactusCon 10 (2022) Talk
Building a Ransomware Incident Response Plan
Allan Liska

Live Q&A after this talk:

Join us on Discord! Learn more at

Despite your best efforts, there is a good chance your organization will be the victim of a ransomware attack. What do you do when that happens? Organizations need to plan for a ransomware attack. This talk will cover steps organizations can take to prepare for a ransomware attack and review the initial steps after an attack happens. Included topics include:
1. What log sources should be collected.
2. Getting the right people involved
3. Testing your IR plan

With more than 20 years of experience in ransomware and information security, Allan Liska has improved countless organizations’ security posture using more effective intelligence. Liska provides ransomware-related counsel and key recommendations to major global corporations and government agencies, sitting on national ransomware task forces and speaking at global conferences. Liska has worked as both a security practitioner and an ethical hacker at Symantec, iSIGHT Partners, FireEye, and Recorded Future. Regularly cited in The Washington Post, Bloomberg, The New York Times, and NBC News, he is a leading voice in ransomware and intelligence security. Liska has authored numerous books including “The Practice of Network Security, Building an Intelligence-Led Security Program;” “Securing NTP: A Quickstart Guide;” “Ransomware: Defending Against Digital Extortion;” “DNS Security: Defending the Domain Name System;” and “Ransomware: Understand.Prevent.Recover.”

source