Ransomware and cyber extortion are no longer abstract threats. Rather, they represent two of the most critical crises organizations face today. Attackers are refining their playbooks daily, often blending data theft, disruption, and direct pressure on their victim organizations along with executives, partners, vendors, suppliers, and more. The only real way to prepare is to face the problem head-on.
Below are practical insights that align with how real-world incidents unfold—steps you can take now to strengthen your investigations and response capabilities.
Responders don’t need expensive licenses to start building resilience! Free and open-source tools can provide incredible visibility and response capabilities, if you know how to use them:
These free tools can help your organization detect ransomware and cyber extortion attacks sooner and respond in a timely manner.
Not every environment has advanced telemetry. Some teams have extended telemetry (e.g., Sysmon and/or E/XDR logging), while others only have the basics provided by default configurations. You need to understand your organization’s and client’s environments so you can refine your playbooks to the environment(s) to which you have access.
If you only practice one approach, you’ll be blindsided by the other!
By the time ransom notes appear, the damage is done. Responders must train to recognize signs of initial access, but at the very least should also be able to spot and automate responses to the first signs of encryption:
Spotting these actions can buy critical response time!
Ransomware and cyber extortion are not single events—they are ongoing attack campaigns. Typical incidents include:
Training your team to recognize each stage means you can intervene before encryption begins.
The ransomware crisis won’t be solved by ignoring it or by negotiation strategies. Responders must practice using the same tools and artifacts they’ll find in their monitored environments. The more hands-on your preparation, the more confident your response will be when it matters.
SANS FOR528: Ransomware and Cyber Extortion is the definitive training course for professionals who need to strengthen their ransomware and cyber extortion response skills. This hands-on program teaches responders how to investigate real-world incidents, analyze attacker tactics, and build defenses across the full ransomware lifecycle. By completing FOR528, security teams gain the expertise needed to detect, contain, and recover from ransomware attacks while minimizing risk, downtime, and data loss.
Take the only course where you build, run, and break down ransomware end-to-end.
Learn more about FOR528: Ransomware and Cyber Extortion.
Ryan Chapman has redefined ransomware defense through hands-on leadership in major incidents like Kaseya and by arming thousands with proactive threat hunting tactics now standard across the industry.