
Preventing Ransomware

Book Description

Your one-stop guide to understanding digital extortion and its prevention.

About This Book

  • A complete guide to how ransomware works
  • Build a security mechanism to prevent digital extortion
  • A practical approach to understanding, and responding to, ransomware

Who This Book Is For

This book is targeted at security administrators, security analysts, and any other stakeholders in the security sector who want to learn about the most prevalent malware in the current market: ransomware.

What You Will Learn

  • Understand malware types and malware techniques with examples
  • Obtain a quick malware analysis
  • Understand ransomware techniques, their distribution, and their payment mechanism
  • Case studies of famous ransomware attacks
  • Discover detection technologies for complex malware and ransomware
  • Configure security software to protect against ransomware
  • Handle ransomware infections

In Detail

Ransomware has become the most aggressive form of malware and has affected numerous organizations in the recent past. Organizations now need a defensive mechanism in place across all of their workstations and servers.

This book starts by explaining the basics of malware, specifically ransomware. The book provides some quick tips on malware analysis and how you can identify different kinds of malware. We will also take a look at different types of ransomware, and how it reaches your system, spreads in your organization, and hijacks your computer. We will then move on to how the ransom is paid and the negative effects of doing so. You will learn how to respond quickly to ransomware attacks and how to protect yourself. The book gives a brief overview of the internals of security software and Windows features that can be helpful in ransomware prevention for administrators. You will also look at practical use cases in each stage of the ransomware phenomenon. The book talks in detail about the latest ransomware attacks involving WannaCry, Petya, and BadRabbit.

By the end of this book, you will have end-to-end knowledge of the trending malware in the tech industry at present.

Style and approach

A practical end-to-end guide that helps security administrators, security analysts, and other stakeholders in the security sector learn about ransomware attacks and their prevention.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Preventing Ransomware
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the authors
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
    5. Disclaimer
  6. Malware from Fun to Profit
    1. 1. The malware story
      1. 1.1 Malware in the womb
      2. 1.2 The birth of malware
      3. 1.3 Malware started crawling
      4. 1.4 Malware started playing
      5. 1.5 Malware started earning
    2. 2. Windows operating system basics
      1. 2.1 File format
      2. 2.2 Windows executable made simple
      3. 2.3 Windows virtual memory made simple
      4. 2.4 Windows DLL made simple
        1. 2.4.1 How does an API call happen?
      5. 2.5 API hooking made simple
    3. 3. Malware components
      1. 3.1 Payload
      2. 3.2 Obfuscator/packer – a wolf in sheep's clothing
      3. 3.3 Malware persistence
        1. 3.3.1 Startup folders
        2. 3.3.2 Run entries
        3. 3.3.3 Windows services
        4. 3.3.4 Files executed at Windows start
      4. 3.4 Stealth – a game of hide-and-seek
        1. 3.4.1 File properties – an old-school trick
        2. 3.4.2 Injecting code into a legitimate process
        3. 3.4.3 Rootkits
        4. 3.4.4 Fileless malware
      5. 3.5 Armoring
      6. 3.6 Command and control server
    4. 4. Types of malware
      1. 4.1 Backdoor
      2. 4.2 Downloader
      3. 4.3 Virus or file infector
      4. 4.4 Worm
      5. 4.5 Botnet
      6. 4.6 Keylogger and password stealer
      7. 4.7 Banking malware
      8. 4.8 POS malware
      9. 4.9 Hacktool
      10. 4.10 RAT
      11. 4.11 Exploit
    5. 5. How does antivirus name malware?
    6. 6. Summary
  7. Malware Analysis Fundamentals
    1. 1. Static analysis
      1. 1.1 File type
      2. 1.2 Static properties of an .exe file
      3. 1.3 Disadvantages of static analysis
    2. 2. Dynamic or behavior analysis
      1. 2.1 File and registry monitoring
      2. 2.2 Autorun tools
      3. 2.3 Network monitoring tools
      4. 2.4 API logger
      5. 2.5 Process inspection
        1. 2.5.1 URLs and IP addresses of command and control servers
        2. 2.5.2 Armoring related strings
        3. 2.5.3 Registry changes
        4. 2.5.4 Strings related to a stealer
        5. 2.5.5 Strings related to banking malware
      6. 2.6 Sandbox as a malware analysis tool
      7. 2.7 Ransomware behavior
    3. 3. Summary
  8. Ransomware Distribution
    1. 1. Attacks through emails
    2. 2. Microsoft Word macros
    3. 3. Web attacks
      1. 3.1 Exploit kits
        1. 3.1.1 BlackHole exploit kit
        2. 3.1.2 Nuclear exploit kit
        3. 3.1.3 Neutrino Exploit kit
        4. 3.1.4 Analyzing landing pages
    4. 4. Lateral movement
    5. 5. Botnets and downloaders
    6. 6. Summary
  9. Ransomware Techniques for Hijacking the System
    1. 1. Scareware and rogue security software
      1. 1.1 List of popular FakeAntivirus
      2. 1.2 Prevention and removal techniques
    2. 2. ScreenLocker ransomware
      1. 2.1 How does ScreenLocker ransomware work on Windows OS?
      2. 2.2 Different kinds of messages from the ScreenLocker
      3. 2.3 Analyzing a ScreenLocker ransomware
      4. 2.4 Prevention and removal techniques
    3. 3. Browser locker
      1. 3.1 How does a browser locker use JavaScript to act as ransomware?
      2. 3.2 Prevention and removal techniques
    4. 4. Crypto ransomware
      1. 4.1 How does crypto ransomware work?
      2. 4.2 Overview of cryptography
        1. 4.2.1 Symmetric key
        2. 4.2.2 Asymmetric key
      3. 4.3 How does ransomware use cryptography?
      4. 4.4 Analyzing crypto ransomware
      5. 4.5 Prevention and removal techniques for crypto ransomware
    5. 5. Ransomware targeting infrastructure
      1. 5.1 Prevention techniques
    6. 6. Boot ransomware
      1. 6.1 Windows boot process
      2. 6.2 How can malware infect the boot sector?
      3. 6.3 Analyzing bootkit and boot ransomware
      4. 6.4 Prevention and removal techniques
    7. 7. Summary
  10. Ransomware Economics
    1. 1. Anonymity
    2. 2. Ransomware payment modes
      1. 2.1 Crypto currencies
    3. 3. RaaS
    4. 4. Other forms of ransom
    5. 5. Summary
  11. Case Study of Famous Ransomware
    1. 1. Reveton
    2. 2. VirLock – the hybrid ransomware
    3. 3. GPCODE or PGPCoder
    4. 4. CryptoLocker
    5. 5. Cryptowall
      1. 5.1 CryptoWall 1.0
      2. 5.2 CryptoWall 2.0
      3. 5.3 Cryptowall 3.0
      4. 5.4 Cryptowall 4.0
    6. 6. Locky
    7. 7. Cerber
    8. 8. Petya
      1. 8.1 PETYA/RED-PETYA
      2. 8.2 PETYA-MISCHA/GREEN-PETYA
      3. 8.3 PETYA GOLDEN EYE
    9. 9. WannaCry
    10. 10. NotPetya
    11. 11. BadRabbit
    12. 12. Ransomware on Android, macOS, and Linux
    13. 13. Summary
  12. Other Forms of Digital Extortion
    1. 1. DoS attacks
      1. 1.1 Teardrop attacks or IP fragmentation attacks
      2. 1.2 User Datagram Protocol flooding
      3. 1.3 SYN flood
      4. 1.4 Ping of death
      5. 1.5 Exploits
      6. 1.6 Botnets
      7. 1.7 Reflective DDoS attacks and amplification attacks
      8. 1.8 DD4BC
      9. 1.9 Armada Collective
      10. 1.10 Fancy Bear
    2. 2. Data breach attacks
      1. 2.1 Sony Pictures hack
    3. 3. Summary
  13. Ransomware Detection and Prevention
    1. 1. Desktop configuration
    2. 2. Antivirus
      1. 2.1 Hash algorithms
      2. 2.2 Pattern matching
      3. 2.3 Components of an antivirus engine
    3. 3. Exploit prevention on Windows
    4. 4. Anti-bootkit
    5. 5. Detection on a network
      1. 5.1 Firewalls
      2. 5.2 Intrusion detection and prevention systems
      3. 5.3 Sandboxes
    6. 6. Honeypots
    7. 7. Analytics, machine learning, and correlation
    8. 8. Data protection
      1. 8.1 Data encryption
      2. 8.2 Backup
      3. 8.3 Data loss prevention solutions
    9. 9. Process and compliance
    10. 10. Summary
  14. Incident Response
    1. 1. Isolating the infected machine
    2. 2. Notifying the law authorities
    3. 3. Contacting the antivirus vendor
    4. 4. Help from the web
    5. 5. Forensics
    6. 6. Summary
  15. The Future of Ransomware
    1. 1. The future of malware capabilities
      1. 1.1 Distribution channel
      2. 1.2 Anonymity
      3. 1.3 Evading detection
      4. 1.4 Avoiding decryption
      5. 1.5 Side stepping encryption
    2. 2. Future victims
      1. 2.1 Taking your website hostage
      2. 2.2 Taking your house hostage
      3. 2.3 Taking your car hostage
      4. 2.4 Taking your pacemaker hostage
      5. 2.5 Taking your voting hostage
      6. 2.6 Taking your smart grid hostage
    3. 3. Summary
  16. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think