Ransomware Readiness Quiz

1What is the primary objective of most ransomware attacks? Steal hardware devices from the victim organization. Encrypt critical data and demand payment to restore access. Monitor network traffic to gather competitive intelligence. Install legitimate software updates across the environment.

2Which action most commonly enables ransomware to enter a network? Ignoring browser pop-up advertisements. Clicking on a malicious email attachment or link. Using multi-factor authentication on remote access tools. Viewing files in read-only mode.

3Why are offline or offsite backups recommended in ransomware defense plans? They make it easier for attackers to locate sensitive data. They allow employees to skip patching endpoints. They stay out of reach if attackers encrypt production systems. They automatically notify law enforcement when accessed.

4What should be the first response after confirming ransomware on a workstation? Immediately power the computer off without telling anyone. Pay the ransom to restore operations as quickly as possible. Isolate the affected system from the network and report the incident. Delete suspicious files to clean up the machine.

5Which warning sign suggests a ransomware attack is already underway? Multi-factor authentication prompts appearing unexpectedly. Files gaining strange extensions and becoming unreadable. Internet connections speeding up dramatically. Security patches installing successfully overnight.

6What is meant by “double extortion” in modern ransomware campaigns? Using two different encryption algorithms on the same files. Contacting victims by phone and email at the same time. Stealing data before encryption to threaten public exposure. Charging two separate ransom amounts for one attack.

7Which user access practice best reduces ransomware risk? Reusing passwords across multiple business systems. Allowing all staff to install any software they choose. Enforcing least-privilege access for each role. Sharing administrative accounts to simplify support.

8Why do security agencies discourage paying a ransomware demand? Payments are always refunded by the attacker after decryption. There is no assurance of recovery and it funds future attacks. Paying a ransom is illegal in every country. Attackers usually request payment in physical gift cards.

9Which technology helps security teams identify ransomware activity early? Legacy on-premises file servers. Virtual private networks without authentication. Unsigned firmware updates on IoT devices. Endpoint detection and response (EDR) solutions.

10How does a ransomware tabletop exercise help an organization? It lets teams practice their roles and decisions before a real incident. It guarantees cyber insurance will cover any ransom payment. It replaces the need to maintain incident response plans. It eliminates the need for backups if everyone participates.

10 questions to test your ransomware response skills