performing-ransomware-response

Installation
SKILL.md

Performing Ransomware Response

When to Use

  • Ransomware has been detected executing or file encryption is actively occurring
  • Users report inability to open files with unfamiliar extensions appended
  • A ransom note is discovered on one or more systems
  • EDR detects mass file modification patterns consistent with encryption behavior
  • Threat intelligence warns of an imminent ransomware campaign targeting the organization

Do not use for general malware incidents that do not involve file encryption or extortion; use malware incident response procedures instead.

Prerequisites

Installs
34
GitHub Stars
24.2K
First Seen
Mar 15, 2026
performing-ransomware-response — mukul975/anthropic-cybersecurity-skills