Zero-Trust Approach to Ransomware response: Primer
RCCE students will learn ransomware incident response including ransomware identification and classification, containment procedures, decryption assessment, recovery operations, and post-incident hardening. RCCE students will learn to identify active ransomware infections and determine the ransomware variant, execute containment procedures to prevent further encryption and lateral movement, assess decryption options including free decryptors, backup restoration, and negotiation considerations, perform system recovery from clean backups, conduct forensic analysis to determine initial access and scope of compromise, implement post-incident hardening to prevent reinfection, and develop ransomware-specific response playbooks. This zero-trust course applies modern security principles including least privilege, continuous verification, and explicit trust evaluation. Starting from foundational concepts, RCCE students will learn to implement zero-trust architectures that assume breach and verify every access request regardless of network location. Students build practical zero-trust implementations that align with organizational security modernization goals.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Zero-Trust Approach to Ransomware response: Primer
- Apply zero-trust principles to privilege decisions and elevation
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for identification & containment — covering Identify active ransomware infections, Determine ransomware variant and family.
- Execute hands-on tasks for recovery & forensics — covering decryption options and tools, Restore systems from clean backups.
- Execute hands-on tasks for hardening & playbooks — covering post-incident hardening, Develop ransomware response playbooks.
- Apply zero-trust principles to privilege decisions and elevation, including Apply least privilege access controls, and continuous verification.
- Execute hands-on tasks for never trust
- Execute hands-on tasks for always verify
- Execute hands-on tasks for assume breach
- Implement least-privilege enforcement across endpoints and roles
- Execute hands-on tasks for core principles — covering Verify explicitly every access request, Perimeter-based defense fails post-breach.
| Module 01 | Zero-Trust Approach to |
| Module 02 | Ransomware Response: Primer |
| Module 03 | Identification & Containment |
| Module 04 | Recovery & Forensics |
| Module 05 | Hardening & Playbooks |
| Module 06 | Zero-Trust Integration |
| Module 07 | Zero-Trust Fundamentals |
| Module 08 | Never Trust |
| Module 09 | Always Verify |
| Module 10 | Assume Breach |
| Module 11 | Least Privilege |
| Module 12 | Core Principles |
| Module 13 | Why Zero-Trust for Ransomware |
| Module 14 | Zero-Trust Architecture Overview |
All hands-on labs run on Rocheston Rose X OS. Students practice zero-trust approach to ransomware response: primer by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Apply zero-trust principles to privilege decisions and elevation
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Execute hands-on tasks for identification & containment
- Lab 4: Execute hands-on tasks for recovery & forensics
- Lab 5: Execute hands-on tasks for hardening & playbooks
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Zero-Trust Approach to Ransomware response: Primer, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI