Ransomware Protection Playbook

E-book. Genre: Foreign computer literature. Rights holder and/or publisher: John Wiley & Sons Limited. ISBN: 9781119849131. Price: 2259,2 RUB (23,06$). Age restriction: 0+.


Book description

Avoid becoming the next ransomware victim by taking practical steps today

Colonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it’s growing longer every day.

In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You’ll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks.

In addition to walking you through the necessary technical preventative measures, this critical book will show you how to:

Quickly detect an attack, limit the damage, and decide whether to pay the ransom

Implement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damage

Lay down a secure foundation of cybersecurity insurance and legal protection to mitigate the disruption to your life and business

A must-read for cyber and information security professionals, privacy leaders, risk managers, and CTOs, Ransomware Protection Playbook is an irreplaceable and timely resource for anyone concerned about the security of their, or their organization’s, data.

Contents

Roger A. Grimes. Ransomware Protection Playbook

Table of Contents

List of Tables

List of Illustrations

Guide

Pages

Ransomware Protection Playbook

Introduction

Who This Book Is For

What Is Covered in This Book?

Part I: Introduction

Part II: Detection and Recovery

How to Contact Wiley or the Author

Part I Introduction

Chapter 1 Introduction to Ransomware

How Bad Is the Problem?

Variability of Ransomware Data

True Costs of Ransomware

Types of Ransomware

Fake Ransomware

Immediate Action vs. Delayed

Automatic or Human-Directed

Single Device Impacts or More

Ransomware Root Exploit

File Encrypting vs. Boot Infecting

Good vs. Bad Encryption

Encryption vs. More Payloads

Ransomware as a Service

Typical Ransomware Process and Components

Infiltrate

After Initial Execution

Dial-Home

Auto-Update

Check for Location

Cybercriminal Safe Havens

Initial Automatic Payloads

Waiting

Hacker Checks C&C

More Tools Used

Reconnaissance

Readying Encryption

Data Exfiltration

Encryption

Extortion Demand

Negotiations

Provide Decryption Keys

Ransomware Goes Conglomerate

Ransomware Industry Components

Summary

Chapter 2 Preventing Ransomware

Nineteen Minutes to Takeover

Eighty Percent of Ransomware Victims Suffer a Second Attack

Good General Computer Defense Strategy

Understanding How Ransomware Attacks

The Nine Exploit Methods All Hackers and Malware Use

Top Root-Cause Exploit Methods of All Hackers and Malware

Top Root-Cause Exploit Methods of Ransomware

Preventing Ransomware

Primary Defenses

Comprehensive Anti-phishing Ebook

Everything Else

Use Application Control

Flu-Shot!

Antivirus Prevention

Secure Configurations

Privileged Account Management

Security Boundary Segmentation

Zero Trust

Data Protection

Block USB Keys

Implement a Foreign Russian Language

CISA Ransomware Readiness Tool

Beyond Self-Defense

Geopolitical Solutions

International Cooperation and Law Enforcement

Coordinated Technical Defense

Disrupt Money Supply

Fix the Internet

Summary

Chapter 3 Cybersecurity Insurance

Cybersecurity Insurance Shakeout

Ransomware Wasn't the Only Problem

Did Cybersecurity Insurance Make Ransomware Worse?

Cybersecurity Insurance Policies

What's Covered by Most Cybersecurity Policies

Recovery Costs

Ransom

Root-Cause Analysis

Business Interruption Costs

Customer/Stakeholder Notifications and Protection

Fines and Legal Investigations

Example Cyber Insurance Policy Structure

Costs Covered and Not Covered by Insurance

The Insurance Process

Getting Insurance

Cybersecurity Risk Determination

Underwriting and Approval

Incident Claim Process

Initial Technical Help

What to Watch Out For

Social Engineering Outs

Make Sure Your Policy Covers Ransomware

Employee's Mistake Involved

Does E&O Cover Employee Mistakes?

Work-from-Home Scenarios

War Exclusion Clauses

Future of Cybersecurity Insurance

Summary

Chapter 4 Legal Considerations. This chapter and book should not be considered legal advice

Bitcoin and Cryptocurrencies

Pseudo Anonymous vs. Anonymous Identities

For More Information on Bitcoin and Blockchains

Ways Cybercriminals Can Cash Out Their Ill-Gotten Gains

Can You Be in Legal Jeopardy for Paying a Ransom?

Innocent Parties

Author's Perspective on the “Fairness” of Law

Consult with a Lawyer

Try to Follow the Money

Get Law Enforcement Involved

Get an OFAC License to Pay the Ransom

Do Your Due Diligence

Your Ransom Payment May Be Tax Deductible

Is It an Official Data Breach?

Preserve Evidence

Legal Defense Summary

Summary

Part II Detection and Recovery

Chapter 5 Ransomware Response Plan

Why Do Response Planning?

When Should a Response Plan Be Made?

What Should a Response Plan Include?

Store Your Ransomware Response Plan Offline

Small Response vs. Large Response Threshold

Key People

Communications Plan

Should Your Ransomware Response Plan Be Stored Online at All?

Keep the Plan Updated

Let Legal Be the Outside Communicator

Public Relations Plan

Reliable Backup

Ransom Payment Planning

Critical Communication About Ransomware Extortion

Cybersecurity Insurance Plan

What It Takes to Declare an Official Data Breach

Internal vs. External Consultants

Plan for Compromise

Cryptocurrency Wallet

Always Use Reliable Cryptocurrency Sources

Response

Checklist

Definitions

Practice Makes Perfect

Restrain Your Cowboys

Summary

Chapter 6 Detecting Ransomware

Why Is Ransomware So Hard to Detect?

Detection Methods

Security Awareness Training

AV/EDR Adjunct Detections

True Story

Detect New Processes

AV vs. EDR

Application Control May Be Cheaper in the Long Run

Anomalous Network Connections

New, Unexplained Things

What About Fileless Malware

Unexplained Stoppages

Aggressive Monitoring

Example Detection Solution

Summary

Chapter 7 Minimizing Damage

Basic Outline for Initial Ransomware Response

Weighing Cost-Benefit of Mitigations

Stop the Spread

Power Down or Isolate Exploited Devices

Disconnecting the Network

Prior to Network Disconnection

Disconnect at the Network Access Points

Practice Makes Perfect

Suppose You Can't Disconnect the Network

Initial Damage Assessment

What Is Impacted?

Ensure Your Backups Are Still Good

Check for Signs of Data and Credential Exfiltration

Check for Rogue Email Rules

What Do You Know About the Ransomware?

First Team Meeting

Determine Next Steps

Pay the Ransom or Not?

Recover or Rebuild?

Recovery versus Rebuild

Be Calm in the Storm

Summary

Chapter 8 Early Responses

What Do You Know?

Get on the Same Page

A Few Things to Remember

Encryption Is Likely Not Your Only Problem

Reputational Harm May Occur

Firings May Happen

Be Careful of Accepting Blame

It Could Get Worse

Do Not Disrespect a Ransomware Gang Under Any Circumstances

Major Decisions

Business Impact Analysis

Determine Business Interruption Workarounds

Did Data Exfiltration Happen?

Can You Decrypt the Data Without Paying?

Ransomware Is Buggy

Ransomware Decryption Websites

Ransomware Gang Publishes Decryption Keys

Sniff a Ransomware Key Off the Network?

Recovery Companies Who Lie About Decryption Key Use

If You Get the Decryption Keys

Don't Give Trust Easily

Save Encrypted Data Just in Case

Determine Whether the Ransom Should Be Paid

Not Paying the Ransom

Paying the Ransom

Recover or Rebuild Involved Systems?

Determine Dwell Time

Determine Root Cause

Point Fix or Time to Get Serious?

Early Actions

Preserve the Evidence

Remove the Malware

For Windows Computers

Change All Passwords

Summary

Chapter 9 Environment Recovery

Big Decisions

Recover vs. Rebuild

Retain Evidence

In What Order

Tiers

Restoring Network

Lab Testing

Restore IT Security Services

Reenabling the Internet

Restore Virtual Machines and/or Cloud Services

Restore Backup Systems

Restore Clients, Servers, Applications, Services

Lower-Priority Assets Recovered First?

Conduct Unit Testing

Rebuild Process Summary

Watch Out for Malicious Email Rules

Recovery Process Summary

Recovering a Windows Computer

Should You Use Safe Mode?

Recovering/Restoring Microsoft Active Directory

Summary

Chapter 10 Next Steps

Paradigm Shifts

Implement a Data-Driven Defense

Magnum Opus

Focus on Root Causes

Rank Everything!

Get and Use Good Data

Heed Growing Threats More

Row the Same Direction

Focus on Social Engineering Mitigation

Comprehensive Ebook on Fighting Social Engineering

Track Processes and Network Traffic

Improve Overall Cybersecurity Hygiene

Use Multifactor Authentication

Hacking Multifactor Authentication

Use a Strong Password Policy

Everything You Want to Know About Password Attacks and Defenses

Secure Elevated Group Memberships

Improve Security Monitoring

Secure PowerShell

Secure Data

Secure Backups

Summary

Chapter 11 What Not to Do

Assume You Can't Be a Victim

Think That One Super-Tool Can Prevent an Attack

Assume Too Quickly Your Backup Is Good

Use Inexperienced Responders

Give Inadequate Considerations to Paying Ransom

Lie to Attackers

Insult the Gang by Suggesting Tiny Ransom

Pay the Whole Amount Right Away

Argue with the Ransomware Gang

Apply Decryption Keys to Your Only Copy

Not Care About Root Cause

Keep Your Ransomware Response Plan Online Only

Allow a Team Member to Go Rogue

Accept a Social Engineering Exclusion in Your Cyber-Insurance Policy

Summary

Chapter 12 Future of Ransomware

Future of Ransomware

Attacks Beyond Traditional Computers

IoT Ransoms

Mixed-Purpose Hacking Gangs

Future of Ransomware Defense

Future Technical Defenses

Ransomware Countermeasure Apps and Features

Ransomware Heuristics

Canary Files

Blackholing

Encryption Key Capturing

AI Defense and Bots

Strategic Defenses

Focus on Mitigating Root Causes

Geopolitical Improvements

Systematic Improvements

Use Cyber Insurance as a Tool

Improve Internet Security Overall

Summary

Parting Words

Index

About the Author

About the Technical Editor

Acknowledgments

WILEY END USER LICENSE AGREEMENT

Excerpt from the book

Roger A. Grimes

Wess didn't call it ransomware then. You don't make up entirely new classification names until you get more than one of something, and at the time it was the first and only. It remained that way for years. Little did we know that it would be the beginning of a gigantic digital crime industry and a huge blight of digital evil across the world in the decades ahead.

.....

When the trojan's program payload ran, before the ransom instructions were shown, it did some rudimentary symmetric encryption to the files and folders. It would move all the existing files and subdirectories into a new set of subdirectories under the root directory, rename them, and enable DOS' “hidden” attribute features on each file and folder, which made them seem to disappear. All the files and folders would also be renamed using “high-order” extended ASCII control characters, which made everything appear as being invisible. Even if the DOS hidden attribute was discovered and turned off, the file and folder names looked corrupted. If the impacted user tried to do some common exploratory commands to see what happened, the malicious code brought back a fake DOS screen with fake results to confuse the user.

The main set of malicious subdirectories were created using extended ASCII character 255, which is a control code that looks like a space even though it is not. But like a space, it would not display on the screen or when printed. For all intents and purposes, all the files and folders appeared, to most users, to have disappeared or at least badly corrupted. But, importantly, none of the files were actually encrypted (unlike today's ransomware programs). The names of the files and folders were just renamed and moved.

.....
