Ransomware Incident Disclosure Document

1. Organization Information

Organization Name Contact Person Contact Title/Role Contact Email Contact Phone

2. Incident Details

Incident Description Impacted Systems/Services Suspected Ransomware Family How Was the Incident Discovered?

3. Impact Assessment

Data Types Affected Scope & Extent of Impact Number of Users Affected Regulatory or Legal Impact

4. Response Actions

Containment Measures Taken Eradication & Recovery Actions External Parties Notified

5. Ransom Demand

Ransom Amount & Currency Ransom Contact Method (e.g. Email, Telegram) Ransom Note Text (if available)

6. Lessons Learned & Next Steps

Lessons Learned Future Actions / Recommendations