Back to ResourcesSecurity Guide
Ransomware Readiness Checklist
A practical checklist covering backups, segmentation, detection, and incident response steps that reduce ransomware impact, built around how 2026's AI-assisted ransomware actually operates.
Before an incident
- Maintain immutable, offline backups and test full restores at least quarterly, not just backup job success logs.
- Segment networks so a single compromised endpoint cannot reach critical systems or backup infrastructure.
- Deploy endpoint detection and response (EDR) with 24/7 monitoring, since AI-assisted attacks compress dwell time to a matter of days.
- Maintain an up-to-date asset inventory so you know what's running, and what's exposed, at all times.
- Test your incident response plan against a realistic ransomware scenario at least annually.
During an incident
- Isolate affected systems immediately rather than waiting for full scope confirmation.
- Preserve forensic evidence before any remediation or rebuild activity begins.
- Activate your incident response plan's communication tree, legal, leadership, and (where applicable) regulators, on the timelines your compliance obligations require.
- Do not assume backups are clean until they've been verified in an isolated environment.
After an incident
- Run a blameless post-incident review focused on how dwell time and detection time can be reduced next time.
- Update the incident response plan based on what actually happened, not just what the plan assumed would happen.
- Re-test backups and segmentation changes before considering the incident closed.
