Ransomware continues to grow as the most prevalent threat to all industries, no matter the sector, size, or level of sensitivity. As such, the group discussed what security professionals can do to better protect their systems. The first and probably most important step is to remain consistently proactive. Ensuring the systems are always up-to-date with patches and regular hygiene processes; educating end-users on best practices to keep themselves safe; and other processes are the best initial steps to take. Teams should also work to construct (and consistently update based on use case) an “incident response” playbook with actions to take, questions to ask, and strategies to use should an instance of ransomware present itself so that teams are equipped and prepared to handle the situation at any given time. It may be beneficial for these teams to connect with government officials from Homeland Security or the FBI for advice and guidance on such tactics, as they may have a more thorough, comprehensive set of experiences to draw from. The other major topic discussed within this group was: is simply paying the ransomware ever a viable solution? Participants agreed that it is generally not a good option, as it cuts off interaction with the perpetrator at an early stage. Keeping these attackers engaged to better learn about them and their methods is beneficial to your team’s learning and experience, and also provides a window of opportunity to counteract their ransomware with a constructed solution. In addition, in the aftermath of a ransomware attack, the group addressed policies on disclosing the incident to the public. Customers have the right to know of the attack, but companies should have a firm policy in place to address what information to share, how much information to share, and when to share it.