The multiple challenges posed by cyberattacks, which have wreaked havoc on organizations in every industry sector, demand a carefully planned interdisciplinary approach. In a recent Practising Law Institute presentation, cybersecurity experts from Hunton, Brunswick Group and Stroz Friedberg walked through a hypothetical ransomware attack and discussed best practices for an appropriate incident response plan in the moments, hours and days that follow. This first article in a two-part series covers discovery of the breach through day four of the investigation, and part two will address day five through the post-mortem. While the company in the hypothetical was fictitious, the incident discussed was inspired by real-life events, actual business impact and threat-actor activities. See “Tips and New Benchmarks for Creating Effective Tabletop Exercises” (Oct. 14, 2020).