Ransomware attacks are prevalent. The actions taken by a company immediately after a ransomware attack can have major implications on their ability to restore operations. This talk will clearly explain which actions should be taken, and which actions might unintentionally cause an organization much more trouble. This talk will go through a series of Do’s and Don’ts on how to respond when initially facing a ransomware incident. This topic is based on real-world situations, not theories, and will cover associated case studies. This information is critical to organizations that will suffer a ransomware attack in the future. Taking the right initial actions can mean the difference between a quick recovery and a recovery that takes weeks or months, and much more time, effort, and money.