With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks.
The links below are a mixture of Forrester’s own research and third-party resources. Some cover incident response (IR) broadly, with ransomware as a subcomponent of IR. Others tackle backup and resilience. There are also links to government bodies and, perhaps most important, links to practitioners who are battling ransomware infestations day in and day out.
Forrester Analysts Covering Ransomware Topics
Forrester’s S&R and infrastructure and operations teams feature a strong group of analysts who cover topics related to ransomware, resilience, and recovery. These analysts include:
- Jess Burn: incident response and chief information security officer (CISO) crisis management
- Brent Ellis: cloud resilience
- David Holmes: Zero Trust
- Brian Kime: threat intelligence, critical infrastructure, and operational technology/industrial control systems security
- Allie Mellen: threat detection and response, security operations, and MITRE ATT&CK
- Jeff Pollard: CISO and board guidance on ransomware and managed detection and response
- Chris Sherman: endpoint protection platforms
- Heidi Shey: breach response and notification
- Steve Turner: Zero Trust and practitioner preparedness
Helpful Links For Combating Ransomware
We curated a number of helpful resources for S&R pros who are battling ransomware. These are all links to third-party websites that may be helpful.
Perhaps the best and most all-encompassing list of links for various IR use cases resides on GitHub: meirwah’s Awesome Incident Response.
Many of the links listed below are also included there, so consider it a starting point for your ransomware research.
Australian Cyber Security Centre
Cybersecurity and Infrastructure Security Agency (CISA)
National Institute of Standards and Technology
- Preliminary Draft NISTIR 8374 — Cybersecurity Framework Profile for Ransomware Risk Management
- Tips & Tactics — Ransomware
- Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
- Data Integrity: Recovering from Ransomware and Other Destructive Events
National Cyber Security Centre [UK]
Incident Response Playbooks, Guidance, and Tabletops
- PagerDuty’s Incident Response documentation
- IncidentResponse.com’s incident response playbooks gallery
- GuardSight’s GSVSOC CIRT Playbook Battle Cards
- Counteractive’s Incident Response Plan Template
- Matt Fuller’s (Level Up Coding) Cloud Security Table Top Exercises
Forrester Ransomware Research And Resources
We’d be remiss if we didn’t mention the research we’ve done on ransomware and incident response over the years. Blogs are published outside the Forrester paywall for anyone to read, while research reports are behind the paywall and only accessible by Forrester clients.
- Ransomware: Survive By Outrunning The Guy Next To You
- The Colonial Pipeline Cyberattack Is A (Another) Call For Zero Trust And Resilience In Industrial Companies
- Mind The Gap — Making Sure Your SaaS Application Data Is Protected
- Thinking Ransomware Defense: Air Gaps?
- Ransomware: The Nightmare Before Cyber Monday
- The Rising Tide Of Ransomware Requires A Commitment To Best Practices
- Victim Blaming Won’t Stop Global Ransomware Attacks
Ransomware And Disaster Recovery/Business Continuity Planning
- Ransomware Is A Business Continuity Issue
- Forrester’s Guide To Paying Ransomware
- Mitigating Ransomware With Zero Trust
- The State Of Disaster Recovery Preparedness In 2020
- Four Technologies Combine To Protect You From Ransomware Attacks
- The Forrester Wave™: Cybersecurity Incident Response Services, Q1 2019
- The Breach Notification Opportunity
- Maximize The Benefits Of Your Incident Response Retainer
- Mature Cybersecurity Incident Response Requires Legal Advice
- Now Tech: European Cybersecurity Incident Response Services, Q1 2020
Please note that we largely kept security vendor resources out of the lists here. Plenty of vendors have outstanding content for security teams, but you’ll likely find that the links above will be more than enough to keep your teams informed … and busier than ever (as if that was needed).
Forrester clients, please reach out to your account teams to schedule inquiries with any of the analysts listed in the report.