book

Ransomware Protection Playbook

Name: Ransomware Protection Playbook
Author: Roger A. Grimes
ISBN: 9781119849124

by Roger A. Grimes

October 2021

Intermediate to advanced

320 pages

7h 8m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Introduction
Who This Book Is ForWhat Is Covered in This Book?How to Contact Wiley or the Author
Part I: Introduction
Chapter 1: Introduction to Ransomware
How Bad Is the Problem?Types of RansomwareSummary
Chapter 2: Preventing Ransomware
Nineteen Minutes to TakeoverGood General Computer Defense StrategyUnderstanding How Ransomware AttacksPreventing RansomwareBeyond Self-DefenseSummary
Chapter 3: Cybersecurity Insurance
Cybersecurity Insurance ShakeoutDid Cybersecurity Insurance Make Ransomware Worse?Cybersecurity Insurance PoliciesThe Insurance ProcessWhat to Watch Out ForFuture of Cybersecurity InsuranceSummary
Chapter 4: Legal Considerations
Bitcoin and CryptocurrenciesCan You Be in Legal Jeopardy for Paying a Ransom?Is It an Official Data Breach?Preserve EvidenceLegal Defense SummarySummary
Part II: Detection and Recovery
Chapter 5: Ransomware Response Plan
Why Do Response Planning?When Should a Response Plan Be Made?What Should a Response Plan Include?Practice Makes PerfectSummary

Chapter 6: Detecting Ransomware
Why Is Ransomware So Hard to Detect?Detection MethodsExample Detection SolutionSummary
Chapter 7: Minimizing Damage
Basic Outline for Initial Ransomware ResponseStop the SpreadInitial Damage AssessmentFirst Team MeetingDetermine Next StepsSummary
Chapter 8: Early Responses
What Do You Know?A Few Things to RememberMajor DecisionsEarly ActionsSummary
Chapter 9: Environment Recovery
Big DecisionsRebuild Process SummaryRecovery Process SummarySummary
Chapter 10: Next Steps
Paradigm ShiftsImprove Overall Cybersecurity HygieneSummary
Chapter 11: What Not to Do
Assume You Can't Be a VictimThink That One Super-Tool Can Prevent an AttackAssume Too Quickly Your Backup Is GoodUse Inexperienced RespondersGive Inadequate Considerations to Paying RansomLie to AttackersInsult the Gang by Suggesting Tiny RansomPay the Whole Amount Right AwayArgue with the Ransomware GangApply Decryption Keys to Your Only CopyNot Care About Root CauseKeep Your Ransomware Response Plan Online OnlyAllow a Team Member to Go RogueAccept a Social Engineering Exclusion in Your Cyber-Insurance PolicySummary
Chapter 12: Future of Ransomware
Future of RansomwareFuture of Ransomware DefenseSummaryParting Words
Index
Copyright
Dedication
About the Author
About the Technical Editor
Acknowledgments
End User License Agreement

Content preview from Ransomware Protection Playbook

Chapter 7Minimizing Damage

In this chapter it is assumed that you have detected a large-scale ransomware attack in your organization and are now just starting to respond. You have activated the ransomware response plan, initiated contact with the needed team members, and now need to assess the scope of damage and minimize it. This is the first 24 hours.

Basic Outline for Initial Ransomware Response

After activating the ransomware response plan, the first major task that needs to be completed is stopping the further spread and damage from the ransomware program(s). This is followed by determining the initial scope of the ransomware involvement and damage. That is then followed by the first official team meeting to discuss what everyone has learned and then make the additional initial response decisions. Figure 7.1 shows the initial tasks graphically.

Everything in early phases of the ransomware response plan can typically be accomplished in 24 hours, although it may be longer depending on circumstances, resources, timing, and the aggressiveness of the response. Ransomware attacks are notorious for intentionally launching late at night, on weekends, and during holidays. Attackers want to maximize the potential for their program(s) to do the most harm and for the defensive response to take longer to happen and be less effective. The following sections look into each of these tasks in more detail.

Figure 7.1 Basic ransomware initial tasks

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Windows Ransomware Detection and Protection

Publisher Resources

ISBN: 9781119849124Purchase Link

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Ransomware Protection Playbook

by Roger A. Grimes

Chapter 7Minimizing Damage

Basic Outline for Initial Ransomware Response

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.