Ransomware
Defending Against Digital Extortion
Published on 21. November 2016
190 pages
978-1-4919-6785-0 (ISBN)
Description
The biggest online threat to businesses and consumers today is ransomware, a category of malware that can encrypt your computer files until you pay a ransom to unlock them. With this practical book, youll learn how easily ransomware infects your system and what steps you can take to stop the attack before it sets foot in the network.Security experts Allan Liska and Timothy Gallo explain how the success of these attacks has spawned not only several variants of ransomware, but also a litany of ever-changing ways theyre delivered to targets. Youll learn pragmatic methods for responding quickly to a ransomware attack, as well as how to protect yourself from becoming infected in the first place.Learn how ransomware enters your system and encrypts your filesUnderstand why ransomware use has grown, especially in recent yearsExamine the organizations behind ransomware and the victims they targetLearn how wannabe hackers use Ransomware as a Service (RaaS) to launch campaignsUnderstand how ransom is paidand the pros and cons of payingUse methods to protect your organizations workstations and servers
More details
Other editions
Additional editions
Book
01/2017
O'Reilly
€37.50
Shipment within 10-20 days
Content
- Intro
- Copyright
- Table of Contents
- Preface
- Conventions Used in This Book
- Using Code Examples
- O'Reilly Safari
- How to Contact Us
- Acknowledgments
- Part I. Understanding Ransomware
- Chapter 1. Introduction to Ransomware
- Ransomware's Checkered Past
- Anatomy of a Ransomware Attack
- Deployment
- Installation
- Command-and-Control
- Destruction
- Extortion
- Destruction Phase
- File Encryption
- System or Browser Locking
- The Rapid Growth of Ransomware
- Other Factors
- Misleading Applications, FakeAV, and Modern CrytpoRansomware
- Summary
- Chapter 2. Pros and Cons of Paying the Ransom
- "Oh"
- Knowing What Is Actually Backed Up
- Knowing Which Ransomware Family Infected the System
- When to Pay the Ransom
- Ransomware and Reporting Requirements
- PCI DSS and Ransomware
- HIPPA
- Summary
- Chapter 3. Ransomware Operators and Targets
- Criminal Organizations
- TeslaCrypt
- CryptXXX
- CryptoWall
- Locky
- Ranscam
- Who Are Ransomware Groups Targeting?
- Evolving Targets
- Advanced Hacking Groups Move In
- Ransomware as a Service (RaaS)
- Different RaaS Models
- RaaS Disrupts Security Tools
- Summary
- Part II. Defensive Tactics
- Chapter 4. Protecting Workstations and Servers
- Attack Vectors for Ransomware
- Hardening the System and Restricting Access
- Time to Ditch Flash
- Asset Management, Vulnerability, Scanning, and Patching
- Disrupting the Attack Chain
- Looking for the Executable Post-Attack
- Protecting Public-Facing Servers
- Alerting and Reacting Quickly
- Honeyfiles and Honeydirectories
- Summary
- Chapter 5. Protecting the Workforce
- Knowing the Risks and Targets
- Learning How to Prevent Compromises
- Email Attachment Scanning
- Tracking Down the Websites
- Testing and Teaching Users
- Security Awareness Training
- Phishing Users
- Post Ransomware
- Summary
- Chapter 6. Threat Intelligence and Ransomware
- Understanding the Latest Delivery Methods
- Using the Latest Network Indicators
- Detecting the Latest Behavioral Indicators
- User Behavior Analytics
- Summary
- Part III. Ransomware Families
- Chapter 7. Cerber
- Who Developed Cerber?
- The Encryption Process
- Cerber and BITS
- Protecting Against Cerber
- Summary
- Chapter 8. Locky
- Who Developed Locky?
- The Encryption Process
- Understanding Locky's DGA
- Zepto and Bart Variants
- DLL Delivery
- Protecting Against Locky
- Block the Spam
- Disable Macros in Microsoft Office Documents
- Don't Allow JavaScript Files to Execute Locally
- Stop the Initial Callout
- Reverse-Engineering the DGA
- Summary
- Chapter 9. CryptXXX
- Who Developed CryptXXX?
- Advanced Endpoint Protection Versus Sandboxing
- Crypt + XXX
- The Encryption Process
- Protecting Against CryptXXX
- Exploit Kits
- DNS Firewalls and IDS
- Stopping CryptXXX
- Summary
- Chapter 10. Other Ransomware Families
- CryptoWall
- Who Developed CryptoWall?
- The Encryption Process
- PowerWare
- The Encryption Process
- Protecting Against PowerWare
- Ransom32
- KeRanger/KeyRanger
- Hidden Tear
- TeslaCrypt
- Mobile Ransomware
- Ransomware Targeting Medical Devices
- Medical Devices
- Summary
- Index
- About the Authors
- Colophon
