Learn how to respond to a ransomware threat proactively, ideally to prevent an attack, or to have the resources to recover if one occurs. Looking beyond the infamous components of an extortion attack – data encryption and demands for ransom – this will cover the most common methods for gaining access, the use of lateral movement and privilege escalation, and how an attacker uses fear to increase the chance of getting paid. I will focus on prevention, ideally stopping the attacker from gaining access by following best practices in IT security. Logging and monitoring can detect an attack before data is encrypted, although that may not prevent data exfiltration. An effective backup strategy, with backups kept offline and retained long enough that there will be a backup from before the initial compromise, is essential to recovery.