[TRITLA] Ransomeware Response Plan Template

Nickles, Jane Jane.Nickles at greensboro-nc.gov
Thu Jun 20 10:42:16 EDT 2019


This is a great template Randy!  We have more detail about recovering systems and services in our DR plan but I really like the way you have the roles and responsibilities detailed for each phase.

As far as pay vs no pay threshold – it would probably be a combination of insurance coverage limit, severity of the attack, time to recover, and Mayor/City Manager decision to pay or not.

Just saw this one today:  https://www.cnn.com/2019/06/20/us/riviera-beach-to-pay-hacker/index.html

Another thing for everyone to consider is if you think you might contract for services to help get things back up – go ahead and get contracts in place now!  This includes legal counsel.

Thanks for sharing!

Jane Nickles, CIO
Information Technology Department
City of Greensboro
Phone: 336-373-2490
PO Box 3136, Greensboro, NC 27402-3136
www.greensboro-nc.gov<https://www.greensboro-nc.gov/>

“Alexa, what’s my City of Greensboro Flash Briefing?”

Facebook<http://www.facebook.com/cityofgreensboro>
Twitter<https://twitter.com/greensborocity>
YouTube<http://www.youtube.com/CityofGreensboroNC>

From: Cress, Randy J. <randy.cress at rowancountync.gov>
Sent: Monday, June 17, 2019 6:23 AM
To: Triad Regional IT Leadership Group <tritlg at listserv.toknc.com>
Subject: Re: [TRITLA] Ransomeware Response Plan Template

Jane, you have a great one-pager and it has all of the needed contact info.  One question I have is about the decision tree for bitcoin payment: is this just for formality, or does your management actually have a threshold where a decision to pay would be considered?

Please find the attached state IRP, I’m working on getting the runbooks as well for re-distribution.

Thanks,


Randy J. Cress | Chief Information Officer
Rowan County Information Technology
130 West Innes Street, Salisbury, NC 28144
[p] 704-216-8116   [c] 704-245-8640
www.rowancountync.gov<http://www.rowancountync.gov/>






From: "Jane Nickles, PMP, ITIL, CGCIO" <Jane.Nickles at greensboro-nc.gov>
Reply-To: Triad Regional IT Leadership Group <tritlg at listserv.toknc.com>
Date: Thursday, June 13, 2019 at 3:52 PM
To: Triad Regional IT Leadership Group <tritlg at listserv.toknc.com>
Subject: Re: [TRITLA] Ransomeware Response Plan Template


Gary,

This is what we have on Cyber Response.   If we have to restore systems we would initiate our Disaster Recovery Plan.

Jane Nickles, CIO
Information Technology Department
City of Greensboro
Phone: 336-373-2490
PO Box 3136, Greensboro, NC 27402-3136
www.greensboro-nc.gov<https://www.greensboro-nc.gov/>


From: Gary Steeley <gsteeley at ptrc.org>
Sent: Wednesday, June 12, 2019 7:03 AM
To: Triad Regional IT Leadership Group <tritlg at listserv.toknc.com>
Subject: [TRITLA] Ransomeware Response Plan Template




I hope everyone is doing well.  I’m working on my response plan to a ransomware attack and was wondering if someone had a template they would share?

Thanks.

Gary

Gary Steeley,  CGCIO
Information Technology Manager
Piedmont Triad Regional Council
1398 Carrollton Crossing Drive | Kernersville, NC 27284
Phone:  336.904.0300 | Fax:  336.904.0301

gsteeley at ptrc.org | www.ptrc.org



