Hi! I wrote a post describing the main stages of a ransomware attack, from exploiting a user's endpoint (client-side attack) to the three possible extortion demands: ransom for decryption keys, ransom for recovering exfiltrated data, and ransom to avoid DDoS attacks. I also present a complete list of countermeasures based on the NIST Ransomware Framework Profile, derived from the NIST Cybersecurity Framework. I hope this can be helpful!

https://cloudnroll.com/2023/07/10/client-side-ransomware-attacks-and-a-defensive-framework-for-your-organization/