Learning Ransomware Response & Recovery: Stopping Ransomware One Restore at a Time

Preston W. Curtis, Saylor Michael

Ransomware attacks are no longer a question of if–it’s a matter of when. With hackers increasingly targeting backup and disaster recovery (DR) systems, organizations need more than prevention strategies; they need a battle-tested plan for minimizing damage, forensically determining what’s happened and restoring your environment without paying the ransom. Renowned experts W. Curtis Preston and Dr. Mike Saylor offer a comprehensive guide to protecting critical systems and responding effectively when the worst happens.

Whether you’re a security professional unaware of how exposed your backup systems are, or a backup admin in need of stronger security expertise, this book is your essential roadmap. With actionable advice, clear frameworks, and step-by-step guidance, it bridges the gap between data protection and cybersecurity–empowering teams to deliver decisive, effective responses when faced with ransomware.

Prevent 90% of ransomware attacks with practical, simple steps

Shield your backup systems from also being a victim of the attack

Minimize the blast radius of attacks on your infrastructure

Identify, isolate, and restore compromised systems with confidence

Develop and test a detailed incident response plan

Ransomware is malicious software (malware) designed to block access to a computer system or encrypt its data until a ransom is paid. At its core, ransomware infiltrates a computer system (which may include servers, virtual machines [VMs], laptops, mobile devices, and more)—often through deceptive means like phishing emails or malicious downloads—and then encrypts the victim’s files, making them inaccessible. Whatever that computer was supposed to be doing up to that point, it isn’t doing it anymore. In more advanced attack scenarios, threat actors will use a type of ransomware capable of performing surveillance within victim systems and networks before strategically encrypting devices in a coordinated, larger scale attack that not only encrypts user data