Developing a ransomware plan is much like anything else. It sounds simple: protect against malware. The reality, though, is much different, and it starts with a properly educated security team that can come up with a comprehensive and cohesive plan.
You need to know how your network is laid out. A flat network (which you find in a lot of small businesses) needs extra consideration if it is going to stay flat. If you are segmented, how are you segmented? Do you have any pull with the network team to adjust ACLs, firewall rules and topology to a more secure setup?
Do you know what your company’s crown jewels are? What data is the most valuable, and what data is OK to be without for a period? Knowing this helps you direct the best protection where it is needed when you decide what gets budgeted for (hopefully everything) or when you must be selective due to costs.
Do you have offline or immutable backups? Are they stored in a different location (say the cloud or a cold storage physical spot)? Do you have a fully functioning copy of your Domain Controller that is kept offline except for an occasional sync with the other DCs? That cold DC could get you back up and running much faster than without one.
Have you tested your backups? Have you tested a full bare-metal restore of your servers? Do you know what order to bring the servers back online in? Are you sure that you are not just opening yourself up to another attack because your backups have the threat actors backed up in them?
Do you have buy-in from all the departments involved and from the higher-ups? Have you multiplied the time to restore by 3 to account for issues with restoring functionality?
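The restore-order and time-to-restore questions above can be worked out ahead of an incident. The following is an added example, not part of the original post: it derives a dependency-safe bring-up order and applies the 3x multiplier to both a one-at-a-time restore and a parallel restore. The server names, dependencies and hours are constructed sample values.

```python
from graphlib import TopologicalSorter, CycleError

# Constructed sample inventory: server -> (tested restore hours, servers it needs first).
INVENTORY = {
    "dc01":   (4.0, []),
    "dns01":  (1.0, ["dc01"]),
    "sql01":  (6.0, ["dc01", "dns01"]),
    "file01": (8.0, ["dc01"]),
    "app01":  (3.0, ["sql01", "file01"]),
}
PADDING = 3  # the post's multiplier for problems during restore


def restore_plan(inventory, padding=PADDING):
    """Return (bring-up order, padded serial hours, padded parallel hours)."""
    # A dependency nobody inventoried is a gap in the plan; fail loudly.
    unknown = {d for _, deps in inventory.values() for d in deps} - set(inventory)
    if unknown:
        raise ValueError(f"dependencies missing from inventory: {sorted(unknown)}")

    graph = {name: set(deps) for name, (_, deps) in inventory.items()}
    try:
        order = list(TopologicalSorter(graph).static_order())
    except CycleError as exc:
        # args[1] holds the servers that form the loop.
        raise ValueError(f"circular dependency: {exc.args[1]}") from exc

    # Earliest finish per server when independent restores run side by side:
    # a server starts only after its slowest dependency is back.
    finish = {}
    for name in order:
        hours, deps = inventory[name]
        finish[name] = hours + max((finish[d] for d in deps), default=0.0)

    serial = sum(hours for hours, _ in inventory.values())
    parallel = max(finish.values(), default=0.0)
    return order, serial * padding, parallel * padding


if __name__ == "__main__":
    order, serial, parallel = restore_plan(INVENTORY)
    print("Bring-up order:", " -> ".join(order))
    print(f"Padded estimate, one server at a time: {serial:.0f} h")
    print(f"Padded estimate, parallel restores:    {parallel:.0f} h")
```

Feed it the restore times measured in your own bare-metal tests; the padded figures are the ones to take to the departments that have to sign off on downtime.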
This is just a quick list of some things to think about. Truth be told, even if you pay the ransom and get everything back, you must figure you are ready to be compromised a second time. Better to get the data and figure that everything is going to be a loss in the long run, so plan on rebuilding everything while using the old servers to keep things running.
Ransomware is a tough topic, and one that is foremost on the executive mind currently. How long until it drifts into the background, like so many other issues do when a new tactic comes along? This is the chance to build that defense, which can aid in other defenses. Just make sure you are covering everything.