
ransomware-response-coordinator
by LocoLoboZ
Professional-grade orchestration for ransomware triage, containment, recovery planning, and executive reporting.
- Draft a structured containment checklist for active encryption events
- Assess backup integrity and develop a prioritized recovery roadmap
- Generate executive-ready incident reports and stakeholder escalations
Included in download
- Draft a structured containment checklist for active encryption events
- Assess backup integrity and develop a prioritized recovery roadmap
- Ready for agents including Claude Code
- Includes example output and usage patterns
See it in action
A real example of what this skill takes in and produces.
Sample input
We have a confirmed ransomware incident affecting 40 endpoints and three file servers. The ransom note appeared six hours ago. We have offline backups but have not yet validated their integrity. The incident commander is engaged. Produce a containment action tracker, evidence preservation checklist, and an initial executive update.
Sample output
The skill produces a confirmed incident summary with status, confidence level, and evidence base, an immediate containment priority list covering isolation, account control, lateral movement reduction, and backup protection, an evidence preservation checklist, a backup and recovery status section with clean restore validation points, and an executive update draft noting confirmed facts, unknowns, business impact, and next decision points. Legal, regulatory, and insurance escalation flags are clearly marked for specialist handling.
About This Skill
What it does
The Ransomware Response Coordinator is a specialized incident response (IR) framework designed to guide cybersecurity professionals through the critical stages of a ransomware crisis. It orchestrates the transition from initial detection to forensic preservation, containment, and recovery planning by synthesizing evidence like ransom notes, logs, and asset context.
Why use this skill
Unlike generic AI prompts that provide surface-level advice, this skill enforces strict defensive protocols and enterprise-grade IR methodologies. It ensures that security teams don't miss critical steps like checking backup immutability or preserving forensic evidence before containment. It handles the "fog of war" by separating confirmed facts from assumptions, helping leads provide clear updates to legal, insurance, and executive stakeholders.
Supported Workflows
- Triage: Validating indicators of compromise (IOCs) and mass encryption events.
- Containment: Prioritizing lateral movement reduction and identity isolation.
- Recovery: Developing decision matrices for clean restores vs. system rebuilds.
- Reporting: Generating executive summaries, forensic trackers, and post-incident hardening plans.
The skill is product-agnostic and adapts to your specific stack, whether you use Splunk, CrowdStrike, Veeam, or SentinelOne.
Use Cases
- Draft a structured containment checklist for active encryption events
- Assess backup integrity and develop a prioritized recovery roadmap
- Generate executive-ready incident reports and stakeholder escalations
- Map observed attacker behavior to defensive hardening actions
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/ransomware-response-coordinator | tar xz -C ~/.claude/skills/
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Security Scanned
Passed automated security review
Works with any agent that supports the Universal SKILL.md standard, including Claude Code, Codex CLI, Cursor, VS Code Copilot, and Gemini CLI. Requires user-supplied incident context and tooling confirmation.
Creator
I design and publish skills built from real professional practice across three areas: cyber security consulting, business operations, and AI workflow engineering. My cyber security skills draw on active advisory work spanning governance, risk, compliance, assurance, and executive reporting. They are built for practitioners who need structured, defensible outputs - not generic templates. My business operations skills cover the day-to-day work of running a consulting practice: bookkeeping, financial tracking, expense reconciliation, and marketing content - designed to reduce repetitive overhead and keep outputs consistent. My AI platform and workflow skills are built for people who want to get more out of Claude and similar platforms - covering prompt engineering, skill architecture, automation pipelines, and agent enhancement. Every skill I publish has been tested in production use before it reaches the marketplace. If it is here, it works.