testing-ransomware-recovery-procedures

Featured

Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification, recovery sequencing, and clean restore validation to ensure organizational resilience against destructive ransomware attacks.

Testing & QA 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Testing Ransomware Recovery Procedures

## When to Use

Use this skill when:

- Validating that ransomware recovery plans actually work under realistic conditions
- Measuring RTO (Recovery Time Objective) and RPO (Recovery Point Objective) against business requirements
- Testing backup restore operations to confirm data integrity and completeness after simulated encryption
- Conducting tabletop exercises or live recovery drills for ransomware scenarios
- Auditing disaster recovery readiness as part of compliance or cyber insurance requirements

**Do not use** for active incident response during a live ransomware attack. Use dedicated IR playbooks instead.

## Prerequisites

- Isolated recovery test environment (air-gapped or network-segmented lab)
- Access to backup infrastructure (Veeam, Commvault, Rubrik, AWS Backup, Azure Backup)
- Documented RTO/RPO targets per application tier from business impact analysis
- Backup copies available for restore testing (production replicas or test snapshots)
- Recovery runbooks with step-by-step procedures for each critical system

## Workflow

### Step 1: Define Recovery Test Scope

Identify critical systems and their tiered recovery targets:

| Tier | System Type | RTO Target | RPO Target | Example |
|------|------------|------------|------------|---------|
| Tier 1 | Mission-critical | < 1 hour | < 15 min | Active Directory, core database |
| Tier 2 | Business-critical | < 4 hours | < 1 hour | ERP, email, CRM |
| Tier 3 | Business-ope...

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

implementing-ransomware-backup-strategy

Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies, 2 media types, 1 offsite, 1 immutable/air-gapped, 0 errors on restore verification). Configures backup schedules aligned to RPO/RTO requirements, implements backup credential isolation to prevent ransomware from compromising backup infrastructure, and establishes automated restore testing. Activates for requests involving ransomware backup planning, backup resilience, air-gapped backup design, or backup recovery point objective configuration.

12,642 Updated today
mukul975
AI & Automation Featured

recovering-from-ransomware-attack

Executes structured recovery from a ransomware incident following NIST and CISA frameworks, including environment isolation, forensic evidence preservation, clean infrastructure rebuild, prioritized system restoration from verified backups, credential reset, and validation against re-infection. Covers Active Directory recovery, database restoration, and application stack rebuild in dependency order. Activates for requests involving ransomware recovery, post-encryption restoration, or disaster recovery from ransomware.

12,642 Updated today
mukul975
AI & Automation Featured

performing-ransomware-tabletop-exercise

Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making, and communication procedures. Designs realistic scenarios based on current ransomware threat actors (LockBit, ALPHV/BlackCat, Cl0p), injects covering double extortion, backup destruction, and regulatory notification requirements. Evaluates participant responses against NIST CSF and CISA guidelines. Activates for requests involving ransomware tabletop, incident response exercise, or ransomware readiness drill.

12,642 Updated today
mukul975
Web & Frontend Listed

planning-disaster-recovery

Design and implement disaster recovery strategies with RTO/RPO planning, database backups, Kubernetes DR, cross-region replication, and chaos engineering testing. Use when implementing backup systems, configuring point-in-time recovery, setting up multi-region failover, or validating DR procedures.

368 Updated 5 months ago
ancoleman
AI & Automation Solid

backup-and-disaster-recovery

Plan and run backups, set recovery objectives, and run disaster recovery drills. Use this skill when defining RPO/RTO targets, designing backup architecture, deciding what to back up and how often, planning for full-region or platform outages, or running a restoration drill. Triggers on backup, restore, RPO, RTO, disaster recovery, DR, business continuity, what if the database is gone, what if our hosting goes down, recovery drill, ransomware planning. Also triggers when an incident reveals a gap in restoration capability.

280 Updated 2 days ago
rampstackco