Читать книгу Ransomware Protection Playbook - Grimes Roger A., Roger A. Grimes - Страница 12

Part II will help you plan for and respond to a successful ransomware attack.

 Chapter 5, “Ransomware Response Plan” Every organization should have a detailed ransomware response plan created and practiced ahead of an actual ransomware event. Chapter 5 will cover what your ransomware response plan should contain.

 Chapter 6, “Detecting Ransomware” If you can't stop a cybersecurity exploit from happening, the next best thing is early warning and detection. Chapter 6 covers the best ways to detect ransomware and gives you the best chance to stop it before it begins to do real damage.

 Chapter 7, “Minimizing Damage” Chapter 7 assumes ransomware has been able to successfully compromise an environment and has encrypted files and exfiltrated data. How do you minimize the spread of ransomware and its damage during the first hours of the first day? Chapter 7 tells you how.

 Chapter 8, “Early Responses” After the initial damage has been prevented from spreading further, now comes the initial cleanup, better assessment, and additional responses, beyond just preventing further spread. Chapter 8 is what you need to be doing after the first day or two. How well you perform this part of the response often determines how long it will take to fully recover.

 Chapter 9, “Environment Recovery” Chapter 9 covers what you need to be doing after the first few days. You've stopped the spread, minimized the damage, and started to get some initial systems back up and working. Chapter 9 is what you need to be doing after the initial worst is over. It covers the longer-term items, the ones that often take days to weeks, or even months, to recover or rebuild.

 Chapter 10, “Next Steps” So, despite your best prevention efforts, you were successfully compromised by ransomware. Chapter 10 covers what lessons you need to learn and what mitigations you need to implement to prevent it from happening again. Many ransomware victims skip this step and often get hit again, and usually the additional times are worse. Learn what you need to learn and do to become more resilient against ransomware.

 Chapter 11, “What Not to Do” Knowing what not to do is as important as what to do in an emergency. Many ransomware victims have made the situation worse by making critical mistakes early on. Chapter 11 covers the things any organization should avoid doing to not make things even worse than they already are.

 Chapter 12, “Future of Ransomware” Chapter 12 covers the likely future of ransomware, how it will evolve, and what it will ultimately take to defeat it forever.