This chapter discusses how to create a detailed ransomware response plan, including why do it at all, when to do it, and what it should include. Creating and practicing a ransomware plan likely means faster detection, faster response times, lower damage costs, faster back to operation times, and less legal liability. A ransomware response plan needs to have the key people, policies, tools, decisions, and processes necessary to respond to a ransomware attack. Cyber security professionals' ransomware response plan needs to identify, ahead of time, all the people and teams that will need to be involved in a ransomware response event. Recommended roles include: team leader, senior management, legal representative, help desk, and so on. Even though a backup alone will not usually mitigate all the damage caused by most ransomware programs, a reliable, thorough, tested, offline, up‐to‐date backup must be a critical requirement.