What is a Ransomware Tabletop Exercise (TTX)?

A ransomware TTX is a simulated, interactive exercise designed to test an organization's readiness and response strategies in the event of a ransomware attack. These exercises typically involve key stakeholders from within the organization. The goal is to create a realistic scenario where participants can practice their roles and responsibilities, identify gaps in the current response plan, and improve their ability to manage and mitigate the impact of a ransomware incident. 

Frequently Asked Questions

WHAT IS THE PRIMARY BENEFIT TO A CREDIT UNION?

Regular ransomware exercises help prepare your credit union to effectively respond to ransomware attacks, minimize damage, and ensure a quicker recovery when an event occurs. 

WHO SHOULD PARTICIPATE?

We will work with your staff to determine the ideal stakeholders. They typically include senior management, IT staff, a legal representative, marketing staff, any vendors involved in the response, and sometimes one or more board members.  

HOW LONG DOES A RANSOMWARE TTX TAKE?

Think|Stack typically spends several days gathering internal information and planning for an onsite tabletop. We generally suggest either a half or a single full day onsite at your credit union.  

DO YOU NEED ACCESS TO OUR IT SYSTEMS

No, accessing your IT systems is not necessary to conduct a ransomware TTX. These exercises are designed to be simulated and discussion-based, focusing on planning, decision-making, and communication, rather than actual system manipulation. 

HOW OFTEN SHOULD YOU CONDUCT A RANSOMWARE TTX?

The most important ransomware TTX is the first one. It will help the organization experience what it is like to go through a ransomware event. There is a huge difference between a credit union who has done even one ransomware TTX versus those who have not. 

WHAT DO WE GET AFTER COMPLETING A RANSOMWARE TTX WITH THINK|STACK?

At the conclusion of our engagement, you will receive all the documentation and recommendations you need to prepare for an actual ransomware attack. This will include detailed reporting, observations and findings, recommendations and an action plan, and lessons learned.

shutterstock_2263164777

What Do You Need to Prepare?

If this is your first ransomware TTX, you may not have very much to prepare. The most important preparation is to determine your goals and objectives in advance of the exercise and decide who on the team should participate. Although some of these may not apply or may be dated, the additional items below are helpful: 

  • Your current incident response plan 
  • Network and system diagrams
  • Communications plans 
  • Documented legal and regulatory considerations 
  • Business continuity and disaster recovery plans 
  • Any recent cybersecurity assessments and reports