DOJ has you covered! The Department of Justice recently released its best practices on how to prepare for and deal with a cyber attack.
Specifically, the DOJ recommends having a good plan in place prior to an attack: identify “critical data and assets that warrant increased security, [have] the technology and services needed to respond to a cyber incident in place, [have] legal counsel that is familiar with legal issues associated with cyber incidents, and [ensure] that your team knows who is responsible for what tasks in the event of an attack.”
Should an attack happen, the DOJ recommends “assessing the scope of the incident and working quickly to prevent any on-going damage, collecting and preserving data related to the attack, and notifying law enforcement.” Additionally, it is recommended not to use any systems that have been compromised in the past nor trying to “hack back” against those who originally launched the attack.