Ransomware Operations Playbook
RCCE students will learn ransomware incident response including ransomware identification and classification, containment procedures, decryption assessment, recovery operations, and post-incident hardening. RCCE students will learn to identify active ransomware infections and determine the ransomware variant, execute containment procedures to prevent further encryption and lateral movement, assess decryption options including free decryptors, backup restoration, and negotiation considerations, perform system recovery from clean backups, conduct forensic analysis to determine initial access and scope of compromise, implement post-incident hardening to prevent reinfection, and develop ransomware-specific response playbooks. This operations-focused course delivers production-ready playbooks, checklists, and standard operating procedures. Building on core knowledge, RCCE students will learn to build repeatable day-to-day operational workflows that ensure consistency and quality. Students receive templates and frameworks they can customize and deploy immediately in their security operations, reducing time to operational effectiveness.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Ransomware Operations Playbook
- Execute hands-on tasks for ransomware operations playbook
- Explain Course Overview fundamentals
- Execute hands-on tasks for course description
- Execute hands-on tasks for key objectives — covering Identify ransomware variants.
- Execute hands-on tasks for topic map: 18 subtopics
- Execute hands-on tasks for ransomware taxonomy
- Execute hands-on tasks for initial access vectors
- Execute hands-on tasks for threat landscape
- Execute hands-on tasks for infection indicators
- Execute hands-on tasks for variant identification
- Execute hands-on tasks for containment procedures
- Execute hands-on tasks for network isolation
| Module 01 | Ransomware Operations Playbook |
| Module 02 | Course Overview |
| Module 03 | Course Description |
| Module 04 | Key Objectives |
| Module 05 | Topic Map: 18 Subtopics |
| Module 06 | Ransomware Taxonomy |
| Module 07 | Initial Access Vectors |
| Module 08 | Threat Landscape |
| Module 09 | Infection Indicators |
| Module 10 | Variant Identification |
| Module 11 | Containment Procedures |
| Module 12 | Network Isolation |
| Module 13 | Lateral Movement Prevention |
| Module 14 | Encryption Assessment |
All hands-on labs run on Rocheston Rose X OS. Students practice ransomware operations playbook by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for ransomware operations playbook
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for course description
- Lab 4: Execute hands-on tasks for key objectives
- Lab 5: Execute hands-on tasks for topic map: 18 subtopics
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Ransomware Operations Playbook, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI