Back to ResourcesSecurity Guide

Ransomware Readiness Checklist

A practical checklist covering backups, segmentation, detection, and incident response steps that reduce ransomware impact, built around how 2026's AI-assisted ransomware actually operates.

Before an incident

  • Maintain immutable, offline backups and test full restores at least quarterly, not just backup job success logs.
  • Segment networks so a single compromised endpoint cannot reach critical systems or backup infrastructure.
  • Deploy endpoint detection and response (EDR) with 24/7 monitoring, since AI-assisted attacks compress dwell time to a matter of days.
  • Maintain an up-to-date asset inventory so you know what's running, and what's exposed, at all times.
  • Test your incident response plan against a realistic ransomware scenario at least annually.

During an incident

  • Isolate affected systems immediately rather than waiting for full scope confirmation.
  • Preserve forensic evidence before any remediation or rebuild activity begins.
  • Activate your incident response plan's communication tree, legal, leadership, and (where applicable) regulators, on the timelines your compliance obligations require.
  • Do not assume backups are clean until they've been verified in an isolated environment.

After an incident

  • Run a blameless post-incident review focused on how dwell time and detection time can be reduced next time.
  • Update the incident response plan based on what actually happened, not just what the plan assumed would happen.
  • Re-test backups and segmentation changes before considering the incident closed.