[TRITLA] Ransomware Response Plan Template

Cress, Randy J. randy.cress at rowancountync.gov
Mon Jun 17 06:22:51 EDT 2019


Jane, you have a great one-pager, and it has all of the needed contact info. One question I have is about the decision tree for bitcoin payment: is this just for formality, or does your management actually have a threshold where a decision to pay would be considered?

Please find the attached state IRP; I’m working on getting the runbooks as well for re-distribution.

Thanks,

Randy J. Cress | Chief Information Officer
Rowan County Information Technology
130 West Innes Street, Salisbury, NC 28144
[p] 704-216-8116   [c] 704-245-8640
www.rowancountync.gov

From: "Jane Nickles, PMP, ITIL, CGCIO" <Jane.Nickles at greensboro-nc.gov>
Reply-To: Triad Regional IT Leadership Group <tritlg at listserv.toknc.com>
Date: Thursday, June 13, 2019 at 3:52 PM
To: Triad Regional IT Leadership Group <tritlg at listserv.toknc.com>
Subject: Re: [TRITLA] Ransomware Response Plan Template

Gary,

This is what we have on Cyber Response. If we have to restore systems, we would initiate our Disaster Recovery Plan.

Jane Nickles, CIO
Information Technology Department
City of Greensboro
Phone: 336-373-2490
PO Box 3136, Greensboro, NC 27402-3136
www.greensboro-nc.gov

“Alexa, what’s my City of Greensboro Flash Briefing?”

From: Gary Steeley <gsteeley at ptrc.org>
Sent: Wednesday, June 12, 2019 7:03 AM
To: Triad Regional IT Leadership Group <tritlg at listserv.toknc.com>
Subject: [TRITLA] Ransomware Response Plan Template

I hope everyone is doing well. I’m working on my response plan to a ransomware attack and was wondering if someone had a template they would share.

Thanks.

Gary

Gary Steeley,  CGCIO
Information Technology Manager
Piedmont Triad Regional Council
1398 Carrollton Crossing Drive | Kernersville, NC 27284
Phone:  336.904.0300 | Fax:  336.904.0301

gsteeley at ptrc.org | www.ptrc.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: TEMPLATE-Information-Security-Incident-Management-Plan[4].docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 152940 bytes
Desc: TEMPLATE-Information-Security-Incident-Management-Plan[4].docx
URL: <http://listserv.toknc.com/pipermail/tritlg/attachments/20190617/997be881/attachment-0001.docx>

