Ransomware Hardening Workshop
RCCE students will learn ransomware incident response including ransomware identification and classification, containment procedures, decryption assessment, recovery operations, and post-incident hardening. RCCE students will learn to identify active ransomware infections and determine the ransomware variant, execute containment procedures to prevent further encryption and lateral movement, assess decryption options including free decryptors, backup restoration, and negotiation considerations, perform system recovery from clean backups, conduct forensic analysis to determine initial access and scope of compromise, implement post-incident hardening to prevent reinfection, and develop ransomware-specific response playbooks. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. Building on core knowledge, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Ransomware Hardening Workshop
- Execute hands-on tasks for ransomware hardening workshop
- Build detections and response workflows for privilege escalation
- Explain Course Overview fundamentals
- Execute hands-on tasks for identify & classify — covering Contain & Respond, Recover & Harden.
- Execute hands-on tasks for catalog iocs and artifacts — covering Contain & Respond.
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for hardening mastery — covering Identify ransomware variant families.
- Execute hands-on tasks for ransomware threat landscape
- Execute hands-on tasks for avg ransom payment
- Execute hands-on tasks for mean recovery time
- Execute hands-on tasks for double extortion rate
- Execute hands-on tasks for raas economy — covering Subscription-based attack kits.
| Module 01 | Ransomware Hardening Workshop |
| Module 02 | Incident Response, Recovery Operations & Post-Incident Hardening |
| Module 03 | Course Overview |
| Module 04 | Identify & Classify |
| Module 05 | Catalog IOCs and artifacts |
| Module 06 | Learning Objectives |
| Module 07 | Hardening Mastery |
| Module 08 | Ransomware Threat Landscape |
| Module 09 | Avg Ransom Payment |
| Module 10 | Mean Recovery Time |
| Module 11 | Double Extortion Rate |
| Module 12 | RaaS Economy |
| Module 13 | Ransomware Families & Classification |
| Module 14 | Ransomware Kill Chain |
All hands-on labs run on Rocheston Rose X OS. Students practice ransomware hardening workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for ransomware hardening workshop
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for identify & classify
- Lab 5: Execute hands-on tasks for catalog iocs and artifacts
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Ransomware Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI