Incident Response Checklist

1. Prepare: roles, contacts, tabletop drills.
2. Identify: confirm scope with logs/EDR/cloud telemetry.
3. Contain: isolate hosts, rotate credentials, block malicious indicators.
4. Eradicate: remove persistence, patch exploited services, sweep for IOCs.
5. Recover: restore critical systems, validate with scans, monitor for 72 hours.
6. Learn: document timeline, root causes, and hardening actions.

Use with Cyvex responders: https://cyvex.io/solutions/ransomware-incident-response