Ransomware Resilience & Incident Response Accelerated Training

Introducing Ransomware Resilience & Incident Response


Course Duration

2 Days


Ransomware is a major danger to businesses today. Over $6.5 billion in ransom was paid to Ransomware criminals throughout the world last year. Anyone can fall victim to ransomware. Ransomware has affected individuals, businesses, and government entities of various sizes. The question is not whether you will be a victim, but when you will be a victim. What are you going to do about it if you are? How effectively do you understand and prepare for Ransomware?

Because reacting to a ransomware event adds new dimensions to the regular incident response plan, each business should have a customized Ransomware Incident Response strategy in addition to their standard incident response plan.

We teach participants how to detect, contain, and respond to ransomware assaults throughout this course. We will walk you through the ransomware response plan’s preparation to operational phases. Students will acquire hands-on experience coping with various varieties of ransomware.

  • Get in-depth knowledge about ransomware, and how to identify the various types
  • Learn how to detect, identify, and respond to ransomware as soon as possible
  • Understand various Ransomware infection vectors, and how to counter them
  • Learn how ransomware gangs work and how to counteract their operations
  • Learn how to stop a ransomware assault in Its early stages
  • Discover how to proactively dodge ransomware assaults in real-time.
  • Understand the MITRE ATTACK Framework and how to use it to fight ransomware advisories
  • How to Spot a Ransomware infection on your network before it encrypts your data
  • Know what measures to take during a ransomware attack so that data can be contained, and damages can be minimized.
  • Understand the Ransomware Kill chain process and how to stop it
  • Understand how Ransomware encrypts data and use this knowledge for mitigating actions.
  • Create an incident response strategy in the case of a ransomware attack
  • Understand the mitigations to apply in your email systems to prevent the spread of ransomware
  • Learn how to prevent ransomware criminals from using your organization’s email system to send phishing emails to people both inside and outside your network.

Day 1

Introduction to Ransomware

  • What Is Ransomware?
  • The history and evolution of ransomware over the years
  • How Ransomware Works
  • What are the different types of ransomwares?
  • What is human-operated ransomware (HumOR)?
  • What are the entry points of Ransomware into your system?
  • A good look at ransomware attack stages: Campaign, Infection, staging, scanning and encryption, and Payday.
  • Who are behind these ransomware attack? A detailed look at two of the world’s most prolific ransomware groups.

Ransomware Infection Vectors

  • What are the common infection vectors used by attackers and how do you deal with them?
  • The Common Exploit Kits used by attackers and why they are so successful
  • What can you do about these tools and how can you block them from your network?
  • The Command and Callback (C&C) and Indicators of Compromise
  • How to look for potential ransomware infection in your network

Developing Ransomware Countermeasures

  • Holistic improvement of security using the tools you already have.
  • What are the additional things you need to do to protect your operating systems, networks, and end-users?
  • Defending the endpoints devices and users
  • Using next Generation Anti-virus/Anti-malware

Day 2

Email Security

  • Reduce the risk of ransomware by improving the security of your email system
  • Reduce the chance of email domain spoofing and prevent phishing attacks
  • Implement email encryption/digital signature to stop the impersonation of company staff.
  • Have solutions in place to detect and eliminate potential attacks via email.

Looking at Mitigating Action

  • What are the different risk mitigation actions you have?
  • What is the role of Insurance companies against ransomware?
  • What are the best practices to protect your organization against Ransomware?
  • Good understanding of security concepts

Ransomware Incident Response Plan:

  • The Incident Response Lifecycle
  • Developing an incident response plan in case of a ransomware attack.
  • Developing a ransomware response policy – pay the ransom or not
  • What are the first critical steps you must follow when you get attacked?
  • Understanding the Indicators of Compromise
  • Incident Response: Detection and Containment
  • How to Detect the early stage of Attack
  • Learn to contain a ransomware attack
  • Incident Response: Eradication and Recovery
  • How to recover from a ransomware attack
  • The recovery of Local, and Network Files
  • Tools and resources to fight against ransomware

Developing Ransomware Countermeasures

  • Leverage current tools and build a holistic anti-ransomware response plan
  • Improve the security of your email system
  • Reduce email domain spoofing and prevent phishing attacks
  • The role of Insurance companies on ransomware?
  • The best practices to protect your organization against Ransomware.

This course is designed to provide insight into ransomware to professionals involved in designing, securing, and responding to incidents within their enterprise. It is for anyone who would like to know more about ransomware and how to mitigate them in the enterprise, and those who are responsible and accountable for the protection of the information systems:

  • IT managers
  • Chief Information Security Officers (CISO)
  • Information Security professionals
  • System Administrators
  • Security Engineers
  • Incident Response Managers
  • Operational Managers
  • Risk Managers



    To benefit from the training, you are expected to have a strong knowledge of networking and TCP/IP protocols. Understand how the various layers of the OSI model work together. How to capture and analyse network packets. Good working understanding of the Linux OS. 

    System Requirements:

    Some of the labs will be performed in the cloud and others on your local laptops. As such, you need to have admin access to your system and be able to access the internet.

    Therefore, your system should meet the following requirements:

    • A modern laptop with full Admin access
    • Unrestricted Internet
    • An OpenSSH client installed
    • A PDF reader

    Course Registration Form

    Type in your details to register for this course below.