Ransomware and Cyber Extortion: Response and Prevention

Book description

Protect Your Organization from Devastating Ransomware and Cyber Extortion Attacks

Ransomware and other cyber extortion crimes have reached epidemic proportions. The secrecy surrounding them has left many organizations unprepared to respond. Your actions in the minutes, hours, days, and months after an attack may determine whether you'll ever recover.

You must be ready. With this book, you will be.

Ransomware and Cyber Extortion is the ultimate practical guide to surviving ransomware, exposure extortion, denial-of-service, and other forms of cyber extortion. Drawing heavily on their own unpublished case library, cyber security experts Sherri Davidoff, Matt Durrin, and Karen Sprenger guide you through responding faster, minimizing damage, investigating more effectively, expediting recovery, and preventing it from happening in the first place. Proven checklists help your security teams act swiftly and effectively together, throughout the entire lifecycle--whatever the attack and whatever the source.

  • Understand different forms of cyber extortion and how they evolved

  • Quickly recognize indicators of compromise

  • Minimize losses with faster triage and containment

  • Identify threats, scope attacks, and locate “patient zero”

  • Initiate and manage a ransom negotiation--and avoid costly mistakes

  • Decide whether to pay, how to perform due diligence, and understand risks

  • Know how to pay a ransom demand while avoiding common pitfalls

  • Reduce risks of data loss and reinfection

  • Build a stronger, holistic cybersecurity program that reduces your risk of getting hacked

This guide offers immediate value to everyone involved in prevention, response, planning, or policy: CIOs, CISOs, incident responders, investigators, negotiators, executives, legislators, regulators, law enforcement professionals, and others.

Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

Table of contents

  1. Cover Page
  2. About This eBook
  3. Halftitle Page
  4. Title Page
  5. Copyright Page
  6. Pearson’s Commitment to Diversity, Equity, and Inclusion
  7. Dedication Page
  8. Contents
  9. Preface
    1. Who Should Read This Book?
    2. How This Book Is Organized
    3. Other Chapter Elements
    4. Stay Up to Date
  10. Acknowledgments
  11. About the Authors
  12. Chapter 1. Impact
    1. 1.1 A Cyber Epidemic
    2. 1.2 What Is Cyber Extortion?
    3. 1.3 Impacts of Modern Cyber Extortion
    4. 1.4 Victim Selection
    5. 1.5 Scaling Up
    6. 1.6 Conclusion
    7. 1.7 Your Turn!
  13. Chapter 2. Evolution
    1. 2.1 Origin Story
    2. 2.2 Cryptoviral Extortion
    3. 2.3 Early Extortion Malware
    4. 2.4 Key Technological Advancements
    5. 2.5 Ransomware Goes Mainstream
    6. 2.6 Ransomware-as-a-Service
    7. 2.7 Exposure Extortion
    8. 2.8 Double Extortion
    9. 2.9 An Industrial Revolution
    10. 2.10 Conclusion
    11. 2.11 Your Turn!
  14. Chapter 3. Anatomy of an Attack
    1. 3.1 Anatomy Overview
    2. 3.2 Entry
    3. 3.3 Expansion
    4. 3.4 Appraisal
    5. 3.5 Priming
    6. 3.6 Leverage
    7. 3.7 Extortion
    8. 3.8 Conclusion
    9. 3.9 Your Turn!
  15. Chapter 4. The Crisis Begins!
    1. 4.1 Cyber Extortion Is a Crisis
    2. 4.2 Detection
    3. 4.3 Who Should Be Involved?
    4. 4.4 Conduct Triage
    5. 4.5 Assess Your Resources
    6. 4.6 Develop the Initial Response Strategy
    7. 4.7 Communicate
    8. 4.8 Conclusion
    9. 4.9 Your Turn!
  16. Chapter 5. Containment
    1. 5.1 The Need for Speed
    2. 5.2 Gain Access to the Environment
    3. 5.3 Halting Encryption/Deletion
    4. 5.4 Disable Persistence Mechanisms
    5. 5.5 Halting Data Exfiltration
    6. 5.6 Resolve Denial-of-Service Attacks
    7. 5.7 Lock Out the Hackers
    8. 5.8 Hunt for Threats
    9. 5.9 Taking Stock
    10. 5.10 Conclusion
    11. 5.11 Your Turn!
  17. Chapter 6. Investigation
    1. 6.1 Research the Adversary
    2. 6.2 Scoping
    3. 6.3 Breach Investigation or Not?
    4. 6.4 Evidence Preservation
    5. 6.5 Conclusion
    6. 6.6 Your Turn!
  18. Chapter 7. Negotiation
    1. 7.1 It’s a Business
    2. 7.2 Establish Negotiation Goals
    3. 7.3 Outcomes
    4. 7.4 Communication Methods
    5. 7.5 Pressure Tactics
    6. 7.6 Tone, Timeliness, and Trust
    7. 7.7 First Contact
    8. 7.8 Sharing Information
    9. 7.9 Common Mistakes
    10. 7.10 Proof of Life
    11. 7.11 Haggling
    12. 7.12 Closing the Deal
    13. 7.13 Conclusion
    14. 7.14 Your Turn!
  19. Chapter 8. Payment
    1. 8.1 To Pay or Not to Pay?
    2. 8.2 Forms of Payment
    3. 8.3 Prohibited Payments
    4. 8.4 Payment Intermediaries
    5. 8.5 Timing Issues
    6. 8.6 After Payment
    7. 8.7 Conclusion
    8. 8.8 Your Turn!
  20. Chapter 9. Recovery
    1. 9.1 Back up Your Important Data
    2. 9.2 Build Your Recovery Environment
    3. 9.3 Set up Monitoring and Logging
    4. 9.4 Establish Your Process for Restoring Individual Computers
    5. 9.5 Restore Based on an Order of Operations
    6. 9.6 Restoring Data
    7. 9.7 Decryption
    8. 9.8 It’s Not Over
    9. 9.9 Adapt
    10. 9.10 Conclusion
    11. 9.11 Your Turn!
  21. Chapter 10. Prevention
    1. 10.1 Running an Effective Cybersecurity Program
    2. 10.2 Preventing Entry
    3. 10.3 Detecting and Blocking Threats
    4. 10.4 Operational Resilience
    5. 10.5 Reducing Risk of Data Theft
    6. 10.6 Solving the Cyber Extortion Problem
    7. 10.7 Conclusion
    8. 10.8 Your Turn!
  22. Afterword
  23. Checklist A. Cyber Extortion Response
    1. The Crisis Begins
    2. Containment
    3. Investigation
    4. Negotiation
    5. Payment
    6. Recovery
  24. Checklist B. Resources to Create in Advance
    1. Response plans that clearly delineate
    2. Crisis communications plans that address
    3. Specific procedures for tasks such as
    4. Contact information for the response team, leadership, and third parties
    5. Templates for use throughout the response
    6. Technology to support response efforts
    7. Reference materials
  25. Checklist C. Planning Your Response
  26. Checklist D. Running an Effective Cybersecurity Program
    1. Know What You’re Trying to Protect
    2. Understand Your Obligations
    3. Manage Your Risk
    4. Monitor Your Risk
  27. Index
  28. Code Snippets

Product information

  • Title: Ransomware and Cyber Extortion: Response and Prevention
  • Author(s): Sherri Davidoff, Matt Durrin, Karen Sprenger
  • Release date: November 2022
  • Publisher(s): Addison-Wesley Professional
  • ISBN: 9780137450268