We’ve been hit, how can CyberDefenses help? Incident Hotline

Cyber Defenses Academy

Responding to Ransomware


Currently Unavailable - Join the waitlist to be emailed when this product becomes available

Product Description

Course Objectives

Through the user interactive labs the student will learn:

This course provides a professional who responds to issues from customers or internally to their own company, a set of tools and techniques to understand when ransomware is the issue, how to triage and handle its spread, then preserve evidence and clean up afterward.

The course is designed for those with an interest but no background in handling ransomware issues. It conveys the necessary concepts, principles and terms to lay down a solid foundation.  If you have that requirement then it will serve your needs well.

The course is an introductory class on several tracks CDI offers for the professional starting out.

Date & Time


CDI Academy
1205 Sam Bass Road, Suite 300
Round Rock, TX 78681
(512) 255-3700

Target Student

  • Individuals new to or desiring a better understanding of how to respond to ransomware.
  • Professionals who deal with technical issues but feel they do not have enough background in ransomware and responding to solve its dilemma
  • Technical professionals that need to be armed with greater knowledge of incident response, ransomware and their role in resolving it.

Course Outline

  1. Introduction
  2. Defining Ransomware
  3. Understanding the Threat
  4. Response Actions
    • Inquire
    • Verify
  5. SAR Model to Act
    • Secure
    • Assess
    • Recover
  6. Wrap up and Close

Additional Information

  • Laptop required
  • Requires basic knowledge of computers, technology and command line interface (CLI)
  • Assume students can open and operate browsers, find and use the command line, execute scripts and open programs
  • Prior experience not required
  • Understanding of virtual machines (VM) and how to use one
  • Assume students understand how to import and power on a VM

What’s Next

The following CDI courses are good follow-ups:

Your Instructor

Monty St John

Monty St John has been in the security world for more than two decades. When he is not responding to incidents he teaches classes in Threat Intelligence, Incident Response and Digital Forensics.


Certification of Completion

Additional Information

This class is part of a three-part Ransomware series and is geared towards information technology (IT) professionals who may need to respond to ransomware. This course has two companions: Operational Response – Ransomware, which focuses on SOC/IR Response, and Strategic Response – Ransomware, which focuses on Threat Intelligence. These three classes may be taken in any order.

To determine if the Tactical Response – Ransomware course is right for you, ask the following questions:

  • Do you work in information technology and deal with Ransomware?
  • Do you work with customers to triage their computer issues and find Ransomware to be a regular scourge?
  • Do you need to be conversant with Ransomware, how it infects and laterally moves within a network to keep your company or customers from showing up in the news as the next breached company?
  • Just want to understand better how to fit into the incident response, threat intelligence and security operations center cycle and their response to Ransomware?

If you can see yourself even considering the answer yes to any of those questions, the Tactical Response – Ransomware course should be your next destination. Power up your knowledge and skills with insight and instruction on these critical topics that are fundamental to ending the Ransomware scourge.

This course provides tools to a professional who responds to issues from customers or internally in their own company. These are tools and techniques to understand when Ransomware is the issue, how to triage and handle its spread, and then preserve evidence and clean up afterward.

Note: This course has a short introduction and then dives into a series of labs to provide practical experience. Each step of the course beyond the introduction has 1-3 labs to solidify the information presented. Approximately 75% of the class will be spent in hands-on application.

Contact CyberDefenses today to learn how we can help your company’s cybersecurity needs.