LOGBOOK

HELP

Quiz Entry - updated: 2026.06.24

When ransomware has hit, what key decisions does an organisation suddenly face?

How to find out what happened, who to mobilise, how to keep operating, what to report — and whether to pay.

These "what now?" questions map directly onto a real incident-response plan:

  • Discover scope: how do we even find out what happened and how far it spread?
  • Mobilise a crisis team: convene management/board (Krisenstab, GL, VR)
  • People & operations: how do we inform staff — can they still work, should they come in?
  • Legal duty: is there a reporting obligation to authorities/regulators? (In Switzerland, certain incidents must be reported; under GDPR, breaches of personal data within 72 hours.)
  • Pay the ransom? If yes, how (and is it even legal)? If no, what happens to the leaked data?

The lesson: these decisions are far too consequential to improvise mid-crisis. You need a prepared incident-response plan, tested backups, and clear escalation paths before the attack — and security is the three pillars again: technology, process, and people.

Tip: Authorities generally advise against paying — it funds crime, marks you as a payer, and never guarantees recovery or deletion of stolen data.

From Quiz: ISF / Foundations, Key Terms & Ransomware | Updated: Jun 24, 2026