This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP Anti-Ransomware Guide Project

Jump to: navigation, search
OWASP Project Header.jpg

The OWASP Anti-Ransomware Guide

Open up any newspaper or news site and an increasingly common headline is becoming “hospital held for ransom”. While hospitals and other organizations often have downtime procedures that let them revert back to paper for dealing with power outages and other disasters, it is still a nightmare scenario to find your entire organization's IT infrastructure screeching to a halt all because someone clicked on a malicious link or opened a questionable email attachment. Moreover, many organizations have a significant number of legacy systems that make security a challenge and beyond very basic security provisions often do not have a corporate culture that is heavily focused on information security. This has left many organizations struggling with how to handle ransomware attacks. The below is meant to serve as a comprehensive defense in depth based checklist and guide to preventing ransomware from taking a foothold in your organization as well as ensuring the proper procedures are in place to deal with an actual ransomware outbreak in your environment. Given the prevalence of Windows systems as ransomware targets, the guide is geared towards a Windows environment but is designed to be product agnostic. Please note that the list is designed to be comprehensive and as such not all controls may be applicable to all environments.

Project Description

A guide and checklist organizations can use as the basis for creating a defense in depth strategy for combating ransomware and other types of malware.


The OWASP Anti-Ransomware guide is free to use. In fact it is encouraged!!! Additionally, we also encourage you to contribute back to the project.

The OWASP Anti-Ransomware Guide is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Project Leaders


Spanish Translation


News and Events



New projects.png
Project Type Files DOC.jpg

How can I participate in your project?

All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a security expert can I participate in your project?

Yes, you can certainly participate in the project if you are not a security expert or technical. The project needs different skills and expertise and different times during its development.


The OWASP Anti-Ransomware Guide project is developed by a worldwide team of volunteers.

The first contributors to the project were:

Road Map

Use the feedback received from version 1 of the document and use it to create an even more robust and comprehensive version 2 of the guide.

Get Involved

Involvement in the development and promotion of OWASP Anti-Ransomware Guide Project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

   Suggest Additional Security Controls
   Proof Reading
   Graphic Design
   Educate local communities
What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Anti-Ransomware Guide
Purpose: A guide and checklist organizations can use as the basis for creating a defense in depth strategy for combating ransomware and other types of malware.
License: Creative Commons Attribution-ShareAlike 3.0 license: [
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases