Ransomware Incident Report
General Information
Date of Incident
Reported By
Department/Team
Incident Details
Date & Time Detected
Systems Affected (Devices, Servers, etc.)
Description of the Incident
Ransom Note Information
Ransom Demand Details (Amount, Currency, Payment Method)
Payment Deadline
Contact Details Provided by Attacker
Detection & Response
How was the Ransomware Detected?
Immediate Actions Taken
Investigation
Initial Attack Vector (Email, Web, USB, etc.)
Indicators of Compromise (File Names, Extensions, Processes)
Steps Taken to Contain Incident
Impact Assessment
Extent of Data/Systems Encrypted
Impact on Operations
Recovery Steps
Backups Available (Y/N, Dates)
Restoration Process
Reporting & Notification
Internal Notifications (Who Was Informed)
External Notifications (Law Enforcement, Regulators, etc.)
Additional Notes
Other Relevant Information