Chapter 2, Part 1: Containment key to ransomware defense
DISCLAIMER: This case study depicts a fictional cyber incident based on real-life scenarios described by expert interviewees, media reports, and other publicly available resources. While the details surrounding the characters, company, and ransomware attack are imagined, the business concerns and legal issues raised are plausible and based on actual cases.
It is now Day 2.
In the conference room, several red binders are placed on the glossy table along with coffee cups and bottles of water. The binders are identical from front to back, their pages crisp, barely touched since they were collated last year. In each binder, there is a printed version of VE’s cyber incident response playbook, including a list of the full cyber incident response team (CIRT). Names, roles, contact information, and potential alternates for each role are documented.
The chief executive sits at one of the far ends of the table. She’s making a valiant effort to stay calm under the circumstances. She’s leaning forward in her chair, awaiting each member of her team to speak their piece. Several key stakeholders are on the secure conference bridge, and there are no empty seats at the table.