book

Ransomware Protection Playbook

Name: Ransomware Protection Playbook
Author: Roger A. Grimes
ISBN: 9781119849124

by Roger A. Grimes

October 2021

Intermediate to advanced

320 pages

7h 8m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Introduction
Who This Book Is ForWhat Is Covered in This Book?How to Contact Wiley or the Author
Part I: Introduction
Chapter 1: Introduction to Ransomware
How Bad Is the Problem?Types of RansomwareSummary
Chapter 2: Preventing Ransomware
Nineteen Minutes to TakeoverGood General Computer Defense StrategyUnderstanding How Ransomware AttacksPreventing RansomwareBeyond Self-DefenseSummary
Chapter 3: Cybersecurity Insurance
Cybersecurity Insurance ShakeoutDid Cybersecurity Insurance Make Ransomware Worse?Cybersecurity Insurance PoliciesThe Insurance ProcessWhat to Watch Out ForFuture of Cybersecurity InsuranceSummary
Chapter 4: Legal Considerations
Bitcoin and CryptocurrenciesCan You Be in Legal Jeopardy for Paying a Ransom?Is It an Official Data Breach?Preserve EvidenceLegal Defense SummarySummary
Part II: Detection and Recovery
Chapter 5: Ransomware Response Plan
Why Do Response Planning?When Should a Response Plan Be Made?What Should a Response Plan Include?Practice Makes PerfectSummary

Chapter 6: Detecting Ransomware
Why Is Ransomware So Hard to Detect?Detection MethodsExample Detection SolutionSummary
Chapter 7: Minimizing Damage
Basic Outline for Initial Ransomware ResponseStop the SpreadInitial Damage AssessmentFirst Team MeetingDetermine Next StepsSummary
Chapter 8: Early Responses
What Do You Know?A Few Things to RememberMajor DecisionsEarly ActionsSummary
Chapter 9: Environment Recovery
Big DecisionsRebuild Process SummaryRecovery Process SummarySummary
Chapter 10: Next Steps
Paradigm ShiftsImprove Overall Cybersecurity HygieneSummary
Chapter 11: What Not to Do
Assume You Can't Be a VictimThink That One Super-Tool Can Prevent an AttackAssume Too Quickly Your Backup Is GoodUse Inexperienced RespondersGive Inadequate Considerations to Paying RansomLie to AttackersInsult the Gang by Suggesting Tiny RansomPay the Whole Amount Right AwayArgue with the Ransomware GangApply Decryption Keys to Your Only CopyNot Care About Root CauseKeep Your Ransomware Response Plan Online OnlyAllow a Team Member to Go RogueAccept a Social Engineering Exclusion in Your Cyber-Insurance PolicySummary
Chapter 12: Future of Ransomware
Future of RansomwareFuture of Ransomware DefenseSummaryParting Words
Index
Copyright
Dedication
About the Author
About the Technical Editor
Acknowledgments
End User License Agreement

Content preview from Ransomware Protection Playbook

Chapter 5Ransomware Response Plan

In this chapter, we discuss how to create a detailed ransomware response plan, including why do it at all, when to do it, and what it should include. Many of the items summarized here will be covered in more detail in the later chapters.

Why Do Response Planning?

Why should any organization create a ransomware response plan? In one short sentence: to save time and money. Since at least 2020, well over a third to over a half of all surveyed organizations have been successfully exploited by ransomware in a given year. This means the likelihood of any organization being successfully attacked in a given year by ransomware is pretty high. Somewhere around half of organizations recognize the initial ransomware attack before it has been able to encrypt all the targeted data, although some organizations still end up paying because of the data exfiltration threats.

Organizations that aggressively and specifically prepare for ransomware attacks have a better chance of preventing ransomware, have a better chance of more quickly recognizing ransomware, and may be able to recover far more quickly and at lower cost than those organizations that do not. Creating and practicing a ransomware plan likely means faster detection, faster response times, lower damage costs, faster back to operation times, and less legal liability.

When Should a Response Plan Be Made?

When should you make a ransomware response plan? Now, before ransomware has successfully exploited ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Windows Ransomware Detection and Protection

Publisher Resources

ISBN: 9781119849124Purchase Link

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design