This will be an after-action report on the exercise from the preconference workshop "Department Disaster Recovery exercise: Ransomware struck. What next?" The goal is to identify both what went well, what went wrong, and what lessons can be taken and applied to other disaster recovery plans.