Security icon

Create a Disaster-Ready Ransomware Recovery Plan

Don’t let ransomware catch you off guard.

Get Instant Access
to this Blueprint

View Storyboard

Solution Set Storyboard Thumbnail


  • Ira Goldstein, Chief Operating Officer, Herjavec Group
  • Celine Gravelines, Senior Cybersecurity Analyst, Encryptics
  • Mayor Dan Mathieson, Mayor, City of Stratford
  • Kevin Cross, Network Operations Coordinator and Team Leader of for IT, Mohawk Council of Kahnawake
  • Two anonymous contributors

Your Challenge

  • Many organizations pay the ransom because they aren’t confident that they can recover sufficiently because of gaps in their incident response and disaster recovery processes.
  • Ransomware attackers use multiple attack vectors and can even allow ransomware to lay dormant so they infiltrate your backups, DR site, and even more endpoints before the ransomware is activated.
  • Ransomware is constantly evolving, and organizations can’t keep up.

Our Advice

Critical Insight

  • It’s just malware. Ransomware, although unique in its end goal, is still malware and can be prepared for accordingly.
  • You will have to pay, but you should choose who you pay. Whether you pay to modernize your security controls, for cyberinsurance, or for an MSSP, you want to avoid paying the attacker.
  • You can't prevent ransomware, but you can respond better. Mitigate the impact of ransomware with a security incident response plan that includes security awareness and training, disaster recovery, and business continuity.

Impact and Result

  • Effective and efficient management of ransomware involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
  • Many conventional information security best practices can defend against a ransomware attack. Ensure you have security awareness and training, disaster recovery, and business continuity in place for your response strategy.
  • Stop worrying about becoming the next ransomware headline. Make the necessary preparations to defend your organization against the effects of ransomware

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should to coordinate your incident management and disaster recovery programs to plan for and mitigate the impact of ransomware, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

2. Determine the business impact to understand acceptable RTOs and RPOs

Determine the overall business impact of a ransomware incident.

3. Develop a ransomware response and recovery plan

Develop the necessary incident response management workflows, which also include disaster recovery as a necessary component, to mitigate the impact of a ransomware incident.

4. Build a roadmap to close gaps

Build a roadmap and a ransomware strategic plan summary document to make recommendations for maturing your overall security posture.

Guided Implementations

This guided implementation is an eleven call advisory process.

Guided Implementation #1 - Assess ransomware readiness

Call #1 - Introduce project and complete security requirements gathering tool.
Call #2 - Perform gap analysis of incident management maturity.
Call #3 - Select mission-critical systems and applications.

Guided Implementation #2 - Determine the business impact

Call #1 - Estimate impact of a ransomware incident for selected applications.
Call #2 - Perform BIA (over several calls) to find acceptable RTOs/RPOs.

Guided Implementation #3 - Develop a response and recovery plan

Call #1 - Prepare tabletop exercise to determine ransomware recovery procedures.
Call #2 - Review results and identify gaps between current and target state.
Call #3 - Build runbook for ransomware for selected applications.

Guided Implementation #4 - Build a roadmap to close gaps

Call #1 - Identify and prioritize initiatives.
Call #2 - Build a project roadmap.
Call #3 - Outline results in strategic summary document.

Onsite Workshop

Unlock This Blueprint

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess Ransomware Readiness

The Purpose

  • To assess the overall readiness of your security program to respond to a ransomware incident.

Key Benefits Achieved

  • A strategic insight into your security’s obligations, scope, and risk tolerance
  • A gap analysis of current ransomware incident management maturity
  • A list of highly critical systems and applications




Complete high-level overview of activities and outcomes.


Establish your obligations, data protection goals, and risk tolerance.

  • Security Scope and Obligations Statement

Assess current ransomware incident management maturity.

  • Ransomware Incident Management Maturity Assessment

Identify mission-critical business activities and supporting systems and applications.

  • Applications and Dependency Mapping

Select three key applications to be the focus of this workshop and identify their dependencies.

Module 2: Determine the Business Impact

The Purpose

  • A business impact analysis enables you to identify appropriate spend levels, maintain executive support, and prioritize DR planning for a more successful outcome.

Key Benefits Achieved

  • An understanding of the overall business impact caused by a ransomware incident
  • Defined RTOs and RPOs for highly critical systems and applications




Define an objective scoring scale to indicate different levels of impact.

  • DRP Business Impact Analysis Tool

Estimate the impact of downtime.


Determine acceptable RTO/RPO targets for systems and applications based on the business impact of downtime.

Module 3: Develop a Response and Recovery Plan

The Purpose

  • Develop the necessary incident response management workflows to mitigate the impact of a ransomware incident.

Key Benefits Achieved

  • Current state assessment of ransomware incident management workflows
  • Completed runbooks for ransomware incident for select systems and applications




Conduct a tabletop exercise to determine current ransomware recovery procedures to identify gaps between current and desired capabilities.

  • Ransomware Response Workflow – Current State

Document desired features of future state and prioritize initiatives.


Develop runbooks for ransomware for selected applications.

  • Ransomware Incident Response Runbooks for Selected Applications

Module 4: Build a Roadmap to Close Gaps

The Purpose

  • Prioritize initiatives and build out a roadmap to develop your overall ransomware recovery plan.

Key Benefits Achieved

  • An overall understanding of your organization’s ransomware recovery strategic plan
  • An understanding of the preventative measures required to meet your organization’s information security risk tolerance level




Outline preventative measures and technologies for ransomware.


Create a project roadmap for identified ransomware recovery projects.

  • Ransomware Incident Management Roadmap

Develop strategic summary document for executive review.

  • Ransomware Strategic Plan Summary Document

Complete workshop executive presentation and debrief.

Member Testimonials

Unlock Sample Research

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.




$ Saved

Days Saved

Corporation Of The City Of Orillia

Guided Implementation




Cascades, Centre des Technologies

Guided Implementation




Unity Health Care

Guided Implementation




Darling Ingredients

Guided Implementation




Capital Regional District






Guided Implementation




Packaging Machinery Manufacturers Institute

Guided Implementation




Office Of The Comptroller Of The Currency

Guided Implementation




Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019