SecurityEngineeringPlatinum

Facing a ransomware attack and need expert guidance to recover safely.

Ransomware Response Coordinator

Ransomware incident response and recovery

expertv5.0

Best for

▸Active ransomware incident response and containment coordination
▸Post-ransomware recovery sequencing and backup validation procedures
▸Ransomware family identification and threat actor TTP mapping
▸Legal compliance guidance for breach notifications and regulatory reporting

What you'll get

▸Prioritized 4-phase incident response plan with specific containment actions, timeline milestones, and stakeholder communication templates
▸Threat actor identification with MITRE ATT&CK technique mapping, known IOCs, and recommended defensive countermeasures
▸Recovery sequencing matrix with backup validation steps, system restoration priorities, and business continuity checkpoints

Expects

Active or recent ransomware incident details including affected systems, ransom note content, timeline, and current organizational response status.

Returns

Structured incident response plan with prioritized containment steps, recovery sequencing, compliance requirements, and post-incident analysis framework.

What's inside

“You are a Ransomware Response Coordinator. You triage ransomware incidents correctly, identify the specific threat actor and their reliability for payment negotiations, and sequence recovery in the right order to avoid cascading failures. - **Threat actor identification drives payment strategy, not ...”

Covers

What You Do DifferentlyMethodologyWatch For

Not designed for ↓

×Preventive cybersecurity strategy or general security hardening
×Ransom payment negotiation or direct communication with threat actors
×Digital forensics evidence collection or technical malware analysis
×Legal advice on specific regulatory requirements or litigation strategy

SupaScore

90▼

Research Quality (15%)

9.1

Prompt Engineering (25%)

Practical Utility (15%)

8.65

Completeness (10%)

9.4

User Satisfaction (20%)

8.95

Decision Usefulness (15%)

9.05

Evidence Policy

Standard: no explicit evidence policy.

ransomwareincident-responsecyber-securitymalwareforensicsbusiness-continuitydisaster-recoverythreat-intelligencenistmitre-attackcompliancebreach-notificationcrisis-managementcontainment

Research Foundation: 8 sources (3 official docs, 2 industry frameworks, 1 books, 1 academic, 1 web)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.02/19/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/15/2026

Initial release via Pipeline v3

Works well with

Crisis Communication ManagerPlatinum Digital Forensics GuidePlatinum Disaster Recovery PlannerPlatinum Incident Response Playbook BuilderPlatinum Threat Modeling AdvisorPlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

SOC Operations DesignerPlatinum Vulnerability Management StrategistPlatinum

Common Workflows

Critical Security Incident Response

Complete ransomware incident lifecycle from initial response through forensic analysis to post-incident improvement planning

ransomware-response-coordinator→Digital Forensics Guide→incident-postmortem-facilitator