Ransomware Risk Management: A Cybersecurity Framework Profile an great document from NIST

 Ransomware is a type of malicious attack where attackers encrypt an
organization’s data and demand payment to restore access. Attackers may
also steal an organization’s information and demand an additional
payment in return for not disclosing the information to authorities,
competitors, or the public. This Ransomware Profile identifies the
Cybersecurity Framework Version 1.1 security objectives that support
identifying, protecting against, detecting, responding to, and
recovering from ransomware events. The profile can be used as a guide to
managing the risk of ransomware events. That includes helping to gauge
an organization’s level of readiness to counter ransomware threats and
to deal with the potential consequences of events.


to download the publications go here