Your organization finds itself in the midst of a ransomware attack.  The attackers have commandeered your operations and locked you out of your organization’s data.  Business functioning has come to a grinding halt.  You find a ransom note among the encrypted files.  The attackers are holding hostage client/customer data they stole from you and demanding payment of a ransom in virtual currency under a threat that the stolen data will be released publicly if the ransom is not paid.  Where do you begin and how do you respond?  This program will highlight considerations for your organization when navigating this type of attack.  How do you contain the threat to make sure the attackers are out of your environment and to limit their ability to get back in to cause further harm?  When and how do you negotiate with cybercriminals?  How do you to get up and running safely and securely without delay while simultaneously preserving evidence needed to understand the nature and scope the attack, respond to customer/client inquiries about the attack’s impact on them, and determine your organization’s legal obligations?  What information do you share with third parties and when?  How do you balance the desire to be transparent against the risk of sharing inaccurate or incomplete information that is difficult to walk back later?  What investigative steps are involved and why are they needed?  What do regulatory and contractual notices entail?  How do you track the business impact of the attack?  Incident response specialists offer insights from the insurance, forensic, and legal perspectives to equip you with tools you need should these brazen attackers turn their attention to your organization.