THE BOOM

A critical incident strikes and your security is compromised.

Malicious hackers infected systems with malware and are holding your
organization hostage with a ransomware attack.

SYSTEMS CUSTOMERS INFORMATION GETS

SHUT DOWN IMPACTED OUT TO MEDIA

51% of organizations surveyed have experienced at least

one known security breach in the last 12 months
Forrester Global Business Technographics® Security Survey, 2019

RESPOND
You’ve detected the breach.
Now it’s time to activate your incident response plan to contain the threat.

Activate the incident response Assess impact and develop Create internal and external
plan and alert fusion team: mitigation strategies using communications for customers,
security leaders and heads of threat intelligence media, investors, and the public
key departments

DETECT AND MANAGE THREATS ORCHESTRATE YOUR RESPONSE

60 60

50 DEALING WITH RANSOMWARE 50

40 To pay or not to pay? 40

Ultimately, it is a business decision based on several factors.

30 30

20
In some cases, paying the ransom may be the best, or only option 20

10 10

There are risks when paying the ransom: the attackers may not honor the deal, faulty
0
ransomware encryption can destroy data and malware may remain hidden on systems 0

Recovering from backups means you don’t have to pay, but backups can be infected too, if
10 10

taken after the attackers had already gained a foothold in your network
20 20

30
Whether you pay or not, incident recovery professionals can help you restore systems 30

40 40

50 50
RANSOMWARE PLAYBOOK

60 60

RECOVER
Restore normal operations and review your incident response to
identify and fix gaps in your plans and playbooks.

Restore data from backups, Assess what went wrong, Update your incident response
eliminate latent threats and discover lessons learned and plans to correct issues
rebuild systems refine your strategy

ENHANCE CYBER RESILIENCE

OPTIMIZE
Continue to upgrade your security and prepare your team to minimize the
effects of future incidents

Test backups and use offensive Build your security culture Train your team and practice
security testing to help and mature your organization’s your incident response through
uncover vulnerabilities defenses simulations

OPTIMIZE YOUR SECURITY PROTECT DATA AND USERS TRAIN YOUR TEAM

ibm.com/security

Simulated conversations in the Terminal Chat tool were powered by IBM Watson chatbot

© Copyright IBM Corporation 2020

IBM Security
New Orchard Rd
Armonk, NY 10504

Produced in the United States of America April 2020
IBM, the IBM logo, ibm.com, and X-Force are trademarks of International Business Machines Corp., registered in
many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies.
A current list of IBM trademarks is available on the web at “Copyright and trademark information” at
ibm.com/legal/copytrade.html
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all
offerings are available in every country in which IBM operates.
IT system security involves protecting systems and information through prevention, detection and response to
improper access from within and outside your enterprise. Improper access can result in information being altered,
destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in
attacks on others. No IT system or product should be considered completely secure and no single product, service
or security measure can be completely effective in preventing improper use or access. IBM systems, products and
services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve
additional operational procedures, and may require other systems, products or services to be most effective. IBM
DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR
ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.