building-ransomware-playbook-with-cisa-framework

Featured

Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST Cybersecurity Framework. Covers preparation, detection, containment, eradication, recovery, and post-incident phases with actionable checklists. Activates for requests involving ransomware response planning, CISA compliance, incident response playbook creation, or ransomware preparedness assessment.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Building Ransomware Playbook with CISA Framework ## When to Use - An organization needs to create or update its ransomware incident response playbook following CISA guidelines - A security team is conducting a ransomware readiness assessment against the CISA StopRansomware framework - Compliance requires documenting ransomware response procedures aligned with NIST CSF and CISA recommendations - During tabletop exercises to validate that the organization's ransomware response steps match industry best practices - After a ransomware incident to update the playbook with lessons learned and close identified gaps **Do not use** as a substitute for legal counsel regarding ransom payment decisions, breach notification timelines, or regulatory obligations specific to your jurisdiction. ## Prerequisites - Familiarity with the CISA StopRansomware Guide (cisa.gov/stopransomware/ransomware-guide) - NIST Cybersecurity Framework (CSF) understanding (Identify, Protect, Detect, Respond, Recover) - Inventory of critical assets, backup infrastructure, and communication channels - Defined roles and responsibilities for incident response team members - Python 3.8+ for playbook generation and compliance checking automation - Access to organization's asset inventory and backup configuration documentation ## Workflow ### Step 1: Preparation Phase (CISA Part 1 - Prevention) Establish ransomware-specific defenses before an incident: ``` CISA Preparation Checklist: ━━━━━━━━━━━━━━━━━━━━━━━━━...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

building-soc-playbook-for-ransomware

Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication, and recovery phases with specific SIEM queries, isolation procedures, and decision trees. Use when SOC teams need formalized response procedures for ransomware incidents aligned to NIST SP 800-61 and MITRE ATT&CK ransomware techniques.

12,642 Updated today
mukul975
AI & Automation Featured

performing-ransomware-tabletop-exercise

Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making, and communication procedures. Designs realistic scenarios based on current ransomware threat actors (LockBit, ALPHV/BlackCat, Cl0p), injects covering double extortion, backup destruction, and regulatory notification requirements. Evaluates participant responses against NIST CSF and CISA guidelines. Activates for requests involving ransomware tabletop, incident response exercise, or ransomware readiness drill.

12,642 Updated today
mukul975
AI & Automation Featured

performing-ransomware-response

Executes a structured ransomware incident response from initial detection through containment, forensic analysis, decryption assessment, recovery, and post-incident hardening. Addresses ransom negotiation considerations, backup integrity verification, and regulatory notification requirements. Activates for requests involving ransomware response, ransomware recovery, crypto-ransomware, data encryption attack, ransom payment decision, or ransomware containment.

12,642 Updated today
mukul975
AI & Automation Featured

building-incident-response-playbook

Designs and documents structured incident response playbooks that define step-by-step procedures for specific incident types aligned with NIST SP 800-61r3 and SANS PICERL frameworks. Covers playbook structure, decision trees, escalation criteria, RACI matrices, and integration with SOAR platforms. Activates for requests involving IR playbook creation, incident response procedure documentation, response runbook development, or SOAR playbook design.

12,642 Updated today
mukul975
AI & Automation Featured

recovering-from-ransomware-attack

Executes structured recovery from a ransomware incident following NIST and CISA frameworks, including environment isolation, forensic evidence preservation, clean infrastructure rebuild, prioritized system restoration from verified backups, credential reset, and validation against re-infection. Covers Active Directory recovery, database restoration, and application stack rebuild in dependency order. Activates for requests involving ransomware recovery, post-encryption restoration, or disaster recovery from ransomware.

12,642 Updated today
mukul975