Many companies’ incident response plans have not caught up with the communications challenges of ransomware attacks. A recent Privacy + Security Forum workshop examined how the coronavirus pandemic, ransomware gangs, popular culture and federal policymaking have increased the pressure on companies during ransomware attacks. This article provides guiding principles for communications and best practices for each phase of a ransomware crisis, from outage to reputation recovery, with insights from ransomware responders at Edelman and Latham & Watkins. See “A Checklist to Help Fund Managers Assess Their Cybersecurity Programs” (Oct. 11, 2022).