SC195: Ransomware Resilience for IT Professionals
Training - Security
Ransomware is the greatest IT risk for many organizations – yet there is often no clear picture of how attackers operate and what needs to be done in an emergency. In this intensive training, IT managers experience live how modern ransomware campaigns work and develop concrete playbooks and runbooks for prevention, detection, incident response, and recovery. Target group: IT management and strategic decision-makers who want to make their organization resilient against extortion attacks.
Unfortunately there are currently no available appointments.
Agenda:
- A safari to the dark side - how does ransomware work?
- How does RaaS work?
- Current ransomware ecosystem 2025/26
- Key groups
- Trends
- Numbers
- Which threat actor groups exist?
- How do they typically attack?
- Which software is used?
- Live simulation of a ransomware attack
- How do ransom negotiations work?
- Where can you find the Walls of Shame?
- Double/triple extortion and data leak sites
- Insight into current cases
- Experiences from undercover activities
- Hunting threat actors - law enforcement against extortionists
- Prevention - detection - response
- Defense fundamentals
- What does a successful attacker need?
- Best practices for preventive measures
- Identity & access security
- MFA
- Phishing protection
- Privileged accounts
- Architecture & hardening
- Segmentation
- 3-2-1 backup strategy
- The decisive steps for detection capabilities
- EDR/XDR
- Central log sources and use cases
- False positives versus false negatives
- Building an alerting and escalation chain
- Enabling an operational emergency team
- Working in the tactical emergency staff
- Negotiation management
- LKA
- Cyber insurer
- Yourself
- Communicating internally
- Management
- Works council
- Communicating externally
- Authorities
- Customers
- Media
- Involving service providers
- Playbooks and runbooks
- The BSI™ approach to security incidents:
- Preparation – detection – analysis – containment – eradication – recovery – post-incident activities
- Step-by-step guidance with an IR playbook
- Creating concrete runbooks for containment
- “Ransomware on servers”,
- “Ransomware on clients”,
- “Compromised AD/identities”
- Scripts and tools for support
- Using capabilities from EDR and XDR
- Training first responders
- Documentation is everything
- Initial assessment and escalation
- Chain of custody - forensically sound evidence handling
- Basics of triage and post-mortem forensics
- The BSI™ approach to security incidents:
- The morning after
- Working at ground zero
- Building a yellowfield and greenfield
- Architecture principles for a clean rebuild
- Zero Trust
- Segmentation
- Hardening critical systems
- Capabilities, processes, and services
- Recovery to emergency operations
- BCP/ITSCM and minimum level of operations
- Recovery to normal operations
- Disinfection and remediation
- Lessons learned
- Feedback into policies
- Training and technical measures
Objectives:
After the SC195 Ransomware Resilience for IT Professionals training, IT managers will have a clear agenda, concrete playbooks and runbooks, and a shared understanding of roles, processes, and technical levers to not only get through ransomware incidents, but also to make the organization noticeably more resilient in the long term.
Target audience:
The SC195 Ransomware Resilience for IT Professionals training is aimed at:
- BCM managers
- ITSCM managers
- IT managers
- Incident response team personnel
- Emergency/crisis management staff
- Service providers / external partners (IR, SOC/MSSP)
- In smaller IT organizations: multi-function personnel with responsibility for IT operations
Prerequisites:
To be able to follow the pace and content of the SC195 Ransomware Resilience for IT Professionals training, the following prior knowledge is helpful:
- Basic knowledge of typical IT/security environments
- Understanding of the most important interested parties and their expectations of the organization
- Understanding of critical protection objectives and potential impacts in case they are compromised
- Overview of available resources for handling security incidents and mitigating damage
Description:
Ransomware attacks no longer affect only “other companies” – they are among the most likely and most consequential crisis scenarios for any organization. IT managers face the challenge of steering management, business units, and technology at the same time – often without proven procedures, clear playbooks, or aligned communication channels.
This four-day training course SC195 Ransomware Resilience for IT Professionals is aimed specifically at IT management that wants to prepare its organization both technically and organizationally for an emergency.
At the beginning, there is a deliberate change of perspective: an introduction to the current ransomware ecosystem, typical threat actor groups, attack paths, and extortion strategies – including a live simulation of how an attack unfolds (from initial access through encryption to the ransom demand). Insights into double/triple extortion, data-leak platforms, walls of shame, real cases, and the work of law enforcement and undercover investigators round off this section.
In the next step, protecting the organization takes center stage: What prerequisites does a successful attacker need – and how can the attack surface be reduced systematically? Based on proven best practices, priorities are developed for identity and access security, architecture and hardening (segmentation, backup strategies), and effective detection capabilities with EDR/XDR and centralized logging. Alerting and escalation chains, roles in the operational emergency team and the tactical crisis staff, as well as professional communication internally (management, works council) and externally (authorities, customers, media, insurers) are defined and practiced.
To conclude, the SC195 Ransomware Resilience for IT Professionals training leads into a consistent implementation and rebuild phase: Based on the BSI™ approach to security incidents, concrete incident response playbooks and runbooks are created for typical ransomware scenarios (servers, clients, compromised AD). Participants learn how scripts, tools, and EDR/XDR provide targeted support, how first responders are trained, and how evidence is documented in a forensically sound manner. Finally, strategies follow for working “at ground zero,” rebuilding (yellowfield/greenfield), the transition from emergency operations back to normal operations, and the systematic evaluation of lessons learned.
Guaranteed implementation:
from 2 Attendees
Booking information:
Duration:
4 Days
Price:
2.590,00 € plus VAT.
(including lunch & drinks for in-person participation on-site)