Please see https://www.usenix.org/conference/lisa21/presentation/kacoroski for a longer version of the talk as I gave it as a Keynote at the LISA 2021 conference. I would love to have more time, but will fit the key points into 20 minutes if that is all I have. Abstract is:

This talk covers a ransomware attack on medium size school district (23K students, 4K staff). We start with the timeline of the attack that was determined by forensic analysis, cover what was damaged in the attack, and then cover the attack recovery process. Then we'll discuss changes that were made to avoid and mitigate any future attacks. We wrap up with the lessons learned during this attack in the hope that they will help you to avoid and recover quicker if you do experience a ransomware attack.

After this talk you will have a better understanding of how an attack happens, what kind of alerts may be symptoms of an attack, what to do in case you are attacked, what happens after you are attacked, and what actions you can take now to avoid and mitigate a ransomware attack.

cheers,

ski