Ransomware Readiness Kit (Cities/Counties)
Executive-friendly overview + minimum-viable checklist with links to the full playbook and templates.
Executive Summary (1 page)
Responsible use: adapt to your environment; avoid entering sensitive incident data into tools/templates; validate with policy/counsel as appropriate.
What this is
A practical readiness kit to reduce ransomware impact and improve response speed for public-sector organizations.
What success looks like
- Compromise is contained quickly without destroying evidence
- Backups restore cleanly (tested)
- Leadership decisions happen fast with documented roles/comms
Top 5 readiness priorities (minimum viable)
- MFA everywhere (email, VPN/remote access, privileged accounts, cloud admin portals)
- Immutable/offline backups + restore tests (quarterly minimum)
- EDR (endpoint detection and response) coverage on endpoints + servers with alerting configured
- Central logging (VPN, firewall, DNS, EDR, cloud audit)
- Admin segmentation (separate admin accounts/workstations; limit lateral movement)
30/60/90 day roadmap (starter)
- 30 days: confirm MFA scope, backup immutability, EDR coverage, and basic log retention
- 60 days: tabletop exercise with leadership; close the top 5 gaps; define patch SLAs
- 90 days: segmentation improvements; incident comms/templates approved; repeat tabletop
Key leadership decisions
- Who can authorize downtime / emergency change windows?
- What services must stay online (911, utilities, payroll)?
- Who owns communications (internal + public) during an incident?
How to use (fast)
- Complete the checklist and create a short remediation backlog.
- Confirm minimum viable logging so digital forensics and incident response (DFIR) is possible.
- Run a 60–90 minute tabletop with leadership + IT + comms.
- Pre-stage comms templates and vendor contacts.