Defend Against Ransomware Attacks Cyber Range Training (IR209)

9:00 AM EDT – 1:00 PM EDT
Location type
Event type

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer Incident Response Training event, Defend Against Ransomware Attacks Cyber Range Training (IR209) on Thursday, December 7, 2023, from 9 a.m. to 1 p.m. EDT. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering. 

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.   

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a network’s defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure. In this training, participants will be introduced to common applications and process that harden network defenses, as well as key terms to be aware of in the prevention of ransomware attacks. 

Experience these benefits and more: 

  • Common attack methods: Define ransomware and identify best practices and preventive measures to mitigate the impact of ransomware attacks. 

  • Practice in a realistic environment: Learn how to apply specific tools to configure and backup active directory policies, reset KRBTGT account passwords and create application allowlisting policies. 

  • Identify and mitigate vulnerabilities in real time: Students will identify malicious domains and mitigate them by establishing a sinkhole and by blocking the malicious domain.  

  • Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussions and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions. 

This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.  

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.  


  • Date: Thursday, December 7, 2023 

  • Time: 9 a.m. to 1 p.m. EDT 

  • Location: Online via WebEx 

  • CPE Credit: Participants can earn 4 CPE credits for attending this course. 

  • Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended. 

  • Note: Audio is through WebEx; there is no external dial-in. 

  • Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required. 

Due to participation requirements, please register no later than 48 hours before the course starts. Cyber Insights will not accept registrations made less than 48 hours before the course start.