Ransomware and Cyber Extortion: Response and Prevention

by Karen Sprenger, Matt Durrin, Sherri Davidoff

Length: 352 pages
Edition: 1
Language: English
Publisher: Addison-Wesley Professional
Publication Date: 2022-11-28
ISBN-10: 0137450338
ISBN-13: 9780137450336
Sales Rank: #1103232 (See Top 100 Books)

Today, ransomware is causing dangerous operational failures, financial catastrophes, multi-million-dollar losses, and in some cases, deaths. Ransomware is even undermining the security of nation-states and becoming a contentious issue in international diplomacy. In Ransomware and Cyber Extortion: Response and Prevention , Sherri Davidson and her internationally renowned team of cybersecurity experts offer new insights and well-structured best practices for the entire lifecycle: prevention, detection, mitigation, remediation, and recovery.

Drawing on deep experience consulting with (and negotiating for) ransomware victims, the authors reveal how cyber extortionists now operate, and show how to limit damage, avoid costly mistakes, and reduce future risks. Their real-world case studies help you understand crucial complexities of ransomware response, and address issues ranging from avoiding reinfection to filing insurance claims.

Designed for easy use when you’re under the most pressure, Ransomware and Cyber Extortion contains clear, visual tips for communication, time management, and preparation, cloud-specific issues, and much more. If you haven’t faced a ransomware attack yet, count yourself lucky, and get this guide today–so you can prepare, before it’s too late.

Cover Page
About This eBook
Halftitle Page
Title Page
Copyright Page
Pearson’s Commitment to Diversity, Equity, and Inclusion
Dedication Page
Contents
Preface
    Who Should Read This Book?
    How This Book Is Organized
    Other Chapter Elements
    Stay Up to Date
Acknowledgments
About the Authors
Chapter 1. Impact
    1.1 A Cyber Epidemic
    1.2 What Is Cyber Extortion?
    1.3 Impacts of Modern Cyber Extortion
    1.4 Victim Selection
    1.5 Scaling Up
    1.6 Conclusion
    1.7 Your Turn!
Chapter 2. Evolution
    2.1 Origin Story
    2.2 Cryptoviral Extortion
    2.3 Early Extortion Malware
    2.4 Key Technological Advancements
    2.5 Ransomware Goes Mainstream
    2.6 Ransomware-as-a-Service
    2.7 Exposure Extortion
    2.8 Double Extortion
    2.9 An Industrial Revolution
    2.10 Conclusion
    2.11 Your Turn!
Chapter 3. Anatomy of an Attack
    3.1 Anatomy Overview
    3.2 Entry
    3.3 Expansion
    3.4 Appraisal
    3.5 Priming
    3.6 Leverage
    3.7 Extortion
    3.8 Conclusion
    3.9 Your Turn!
Chapter 4. The Crisis Begins!
    4.1 Cyber Extortion Is a Crisis
    4.2 Detection
    4.3 Who Should Be Involved?
    4.4 Conduct Triage
    4.5 Assess Your Resources
    4.6 Develop the Initial Response Strategy
    4.7 Communicate
    4.8 Conclusion
    4.9 Your Turn!
Chapter 5. Containment
    5.1 The Need for Speed
    5.2 Gain Access to the Environment
    5.3 Halting Encryption/Deletion
    5.4 Disable Persistence Mechanisms
    5.5 Halting Data Exfiltration
    5.6 Resolve Denial-of-Service Attacks
    5.7 Lock Out the Hackers
    5.8 Hunt for Threats
    5.9 Taking Stock
    5.10 Conclusion
    5.11 Your Turn!
Chapter 6. Investigation
    6.1 Research the Adversary
    6.2 Scoping
    6.3 Breach Investigation or Not?
    6.4 Evidence Preservation
    6.5 Conclusion
    6.6 Your Turn!
Chapter 7. Negotiation
    7.1 It’s a Business
    7.2 Establish Negotiation Goals
    7.3 Outcomes
    7.4 Communication Methods
    7.5 Pressure Tactics
    7.6 Tone, Timeliness, and Trust
    7.7 First Contact
    7.8 Sharing Information
    7.9 Common Mistakes
    7.10 Proof of Life
    7.11 Haggling
    7.12 Closing the Deal
    7.13 Conclusion
    7.14 Your Turn!
Chapter 8. Payment
    8.1 To Pay or Not to Pay?
    8.2 Forms of Payment
    8.3 Prohibited Payments
    8.4 Payment Intermediaries
    8.5 Timing Issues
    8.6 After Payment
    8.7 Conclusion
    8.8 Your Turn!
Chapter 9. Recovery
    9.1 Back up Your Important Data
    9.2 Build Your Recovery Environment
    9.3 Set up Monitoring and Logging
    9.4 Establish Your Process for Restoring Individual Computers
    9.5 Restore Based on an Order of Operations
    9.6 Restoring Data
    9.7 Decryption
    9.8 It’s Not Over
    9.9 Adapt
    9.10 Conclusion
    9.11 Your Turn!
Chapter 10. Prevention
    10.1 Running an Effective Cybersecurity Program
    10.2 Preventing Entry
    10.3 Detecting and Blocking Threats
    10.4 Operational Resilience
    10.5 Reducing Risk of Data Theft
    10.6 Solving the Cyber Extortion Problem
    10.7 Conclusion
    10.8 Your Turn!
Afterword
Checklist A. Cyber Extortion Response
    The Crisis Begins
    Containment
    Investigation
    Negotiation
    Payment
    Recovery
Checklist B. Resources to Create in Advance
    Response plans that clearly delineate
    Crisis communications plans that address
    Specific procedures for tasks such as
    Contact information for the response team, leadership, and third parties
    Templates for use throughout the response
    Technology to support response efforts
    Reference materials
Checklist C. Planning Your Response
Checklist D. Running an Effective Cybersecurity Program
    Know What You’re Trying to Protect
    Understand Your Obligations
    Manage Your Risk
    Monitor Your Risk
Index
Code Snippets