Ransomware protection playbook
The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day. In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense aga...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Hoboken, New Jersey : Wiley [2022] |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009645697006719 |
Table of Contents:
- Cover
- Title Page
- Copyright Page
- About the Author
- About the Technical Editor
- Acknowledgments
- Contents
- Introduction
- Who This Book Is For
- What Is Covered in This Book?
- How to Contact Wiley or the Author
- Part I Introduction
- Chapter 1 Introduction to Ransomware
- How Bad Is the Problem?
- Variability of Ransomware Data
- True Costs of Ransomware
- Types of Ransomware
- Fake Ransomware
- Immediate Action vs. Delayed
- Automatic or Human-Directed
- Single Device Impacts or More
- Ransomware Root Exploit
- File Encrypting vs. Boot Infecting
- Good vs. Bad Encryption
- Encryption vs. More Payloads
- Ransomware as a Service
- Typical Ransomware Process and Components
- Infiltrate
- After Initial Execution
- Dial-Home
- Auto-Update
- Check for Location
- Initial Automatic Payloads
- Waiting
- Hacker Checks C&C
- More Tools Used
- Reconnaissance
- Readying Encryption
- Data Exfiltration
- Encryption
- Extortion Demand
- Negotiations
- Provide Decryption Keys
- Ransomware Goes Conglomerate
- Ransomware Industry Components
- Summary
- Chapter 2 Preventing Ransomware
- Nineteen Minutes to Takeover
- Good General Computer Defense Strategy
- Understanding How Ransomware Attacks
- The Nine Exploit Methods All Hackers and Malware Use
- Top Root-Cause Exploit Methods of All Hackers and Malware
- Top Root-Cause Exploit Methods of Ransomware
- Preventing Ransomware
- Primary Defenses
- Everything Else
- Use Application Control
- Antivirus Prevention
- Secure Configurations
- Privileged Account Management
- Security Boundary Segmentation
- Data Protection
- Block USB Keys
- Implement a Foreign Russian Language
- Beyond Self-Defense
- Geopolitical Solutions
- International Cooperation and Law Enforcement
- Coordinated Technical Defense
- Disrupt Money Supply
- Fix the Internet
- Summary
- Chapter 3 Cybersecurity Insurance
- Cybersecurity Insurance Shakeout
- Did Cybersecurity Insurance Make Ransomware Worse?
- Cybersecurity Insurance Policies
- What's Covered by Most Cybersecurity Policies
- Recovery Costs
- Ransom
- Root-Cause Analysis
- Business Interruption Costs
- Customer/Stakeholder Notifications and Protection
- Fines and Legal Investigations
- Example Cyber Insurance Policy Structure
- Costs Covered and Not Covered by Insurance
- The Insurance Process
- Getting Insurance
- Cybersecurity Risk Determination
- Underwriting and Approval
- Incident Claim Process
- Initial Technical Help
- What to Watch Out For
- Social Engineering Outs
- Make Sure Your Policy Covers Ransomware
- Employee's Mistake Involved
- Work-from-Home Scenarios
- War Exclusion Clauses
- Future of Cybersecurity Insurance
- Summary
- Chapter 4 Legal Considerations
- Bitcoin and Cryptocurrencies
- Can You Be in Legal Jeopardy for Paying a Ransom?
- Consult with a Lawyer
- Try to Follow the Money
- Get Law Enforcement Involved
- Get an OFAC License to Pay the Ransom
- Do Your Due Diligence
- Is It an Official Data Breach?
- Preserve Evidence
- Legal Defense Summary
- Summary
- Part II Detection and Recovery
- Chapter 5 Ransomware Response Plan
- Why Do Response Planning?
- When Should a Response Plan Be Made?
- What Should a Response Plan Include?
- Small Response vs. Large Response Threshold
- Key People
- Communications Plan
- Public Relations Plan
- Reliable Backup
- Ransom Payment Planning
- Cybersecurity Insurance Plan
- What It Takes to Declare an Official Data Breach
- Internal vs. External Consultants
- Cryptocurrency Wallet
- Response
- Checklist
- Definitions
- Practice Makes Perfect
- Summary
- Chapter 6 Detecting Ransomware
- Why Is Ransomware So Hard to Detect?
- Detection Methods
- Security Awareness Training
- AV/EDR Adjunct Detections
- Detect New Processes
- Anomalous Network Connections
- New, Unexplained Things
- Unexplained Stoppages
- Aggressive Monitoring
- Example Detection Solution
- Summary
- Chapter 7 Minimizing Damage
- Basic Outline for Initial Ransomware Response
- Stop the Spread
- Power Down or Isolate Exploited Devices
- Disconnecting the Network
- Disconnect at the Network Access Points
- Suppose You Can't Disconnect the Network
- Initial Damage Assessment
- What Is Impacted?
- Ensure Your Backups Are Still Good
- Check for Signs of Data and Credential Exfiltration
- Check for Rogue Email Rules
- What Do You Know About the Ransomware?
- First Team Meeting
- Determine Next Steps
- Pay the Ransom or Not?
- Recover or Rebuild?
- Summary
- Chapter 8 Early Responses
- What Do You Know?
- A Few Things to Remember
- Encryption Is Likely Not Your Only Problem
- Reputational Harm May Occur
- Firings May Happen
- It Could Get Worse
- Major Decisions
- Business Impact Analysis
- Determine Business Interruption Workarounds
- Did Data Exfiltration Happen?
- Can You Decrypt the Data Without Paying?
- Ransomware Is Buggy
- Ransomware Decryption Websites
- Ransomware Gang Publishes Decryption Keys
- Sniff a Ransomware Key Off the Network?
- Recovery Companies Who Lie About Decryption Key Use
- If You Get the Decryption Keys
- Save Encrypted Data Just in Case
- Determine Whether the Ransom Should Be Paid
- Not Paying the Ransom
- Paying the Ransom
- Recover or Rebuild Involved Systems?
- Determine Dwell Time
- Determine Root Cause
- Point Fix or Time to Get Serious?
- Early Actions
- Preserve the Evidence
- Remove the Malware
- Change All Passwords
- Summary
- Chapter 9 Environment Recovery
- Big Decisions
- Recover vs. Rebuild
- In What Order
- Restoring Network
- Restore IT Security Services
- Restore Virtual Machines and/or Cloud Services
- Restore Backup Systems
- Restore Clients, Servers, Applications, Services
- Conduct Unit Testing
- Rebuild Process Summary
- Recovery Process Summary
- Recovering a Windows Computer
- Recovering/Restoring Microsoft Active Directory
- Summary
- Chapter 10 Next Steps
- Paradigm Shifts
- Implement a Data-Driven Defense
- Focus on Root Causes
- Rank Everything!
- Get and Use Good Data
- Heed Growing Threats More
- Row the Same Direction
- Focus on Social Engineering Mitigation
- Track Processes and Network Traffic
- Improve Overall Cybersecurity Hygiene
- Use Multifactor Authentication
- Use a Strong Password Policy
- Secure Elevated Group Memberships
- Improve Security Monitoring
- Secure PowerShell
- Secure Data
- Secure Backups
- Summary
- Chapter 11 What Not to Do
- Assume You Can't Be a Victim
- Think That One Super-Tool Can Prevent an Attack
- Assume Too Quickly Your Backup Is Good
- Use Inexperienced Responders
- Give Inadequate Considerations to Paying Ransom
- Lie to Attackers
- Insult the Gang by Suggesting Tiny Ransom
- Pay the Whole Amount Right Away
- Argue with the Ransomware Gang
- Apply Decryption Keys to Your Only Copy
- Not Care About Root Cause
- Keep Your Ransomware Response Plan Online Only
- Allow a Team Member to Go Rogue
- Accept a Social Engineering Exclusion in Your Cyber-Insurance Policy
- Summary
- Chapter 12 Future of Ransomware
- Future of Ransomware
- Attacks Beyond Traditional Computers
- IoT Ransoms
- Mixed-Purpose Hacking Gangs
- Future of Ransomware Defense
- Future Technical Defenses
- Ransomware Countermeasure Apps and Features
- AI Defense and Bots
- Strategic Defenses
- Focus on Mitigating Root Causes
- Geopolitical Improvements
- Systematic Improvements
- Use Cyber Insurance as a Tool
- Improve Internet Security Overall
- Summary
- Parting Words
- Index
- EULA