
Ransomware

Book Description

The biggest online threat to businesses and consumers today is ransomware, a category of malware that can encrypt your computer files until you pay a ransom to unlock them. With this practical book, you’ll learn how easily ransomware infects your system and what steps you can take to stop the attack before it sets foot in the network.

Table of Contents

  1. Preface
    1. Conventions Used in This Book
    2. Using Code Examples
    3. O’Reilly Safari
    4. How to Contact Us
    5. Acknowledgments
  2. I. Understanding Ransomware
  3. 1. Introduction to Ransomware
    1. Ransomware’s Checkered Past
    2. Anatomy of a Ransomware Attack
      1. Deployment
      2. Installation
      3. Command-and-Control
      4. Destruction
      5. Extortion
    3. Destruction Phase
      1. File Encryption
      2. System or Browser Locking
    4. The Rapid Growth of Ransomware
      1. Other Factors
      2. Misleading Applications, FakeAV, and Modern CryptoRansomware
    5. Summary
  4. 2. Pros and Cons of Paying the Ransom
    1. “Oh”
      1. Knowing What Is Actually Backed Up
      2. Knowing Which Ransomware Family Infected the System
    2. When to Pay the Ransom
    3. Ransomware and Reporting Requirements
      1. PCI DSS and Ransomware
      2. HIPAA
    4. Summary
  5. 3. Ransomware Operators and Targets
    1. Criminal Organizations
      1. TeslaCrypt
      2. CryptXXX
      3. CryptoWall
      4. Locky
      5. Ranscam
    2. Who Are Ransomware Groups Targeting?
      1. Evolving Targets
      2. Advanced Hacking Groups Move In
    3. Ransomware as a Service (RaaS)
      1. Different RaaS Models
      2. RaaS Disrupts Security Tools
    4. Summary
  6. II. Defensive Tactics
  7. 4. Protecting Workstations and Servers
    1. Attack Vectors for Ransomware
    2. Hardening the System and Restricting Access
      1. Time to Ditch Flash
      2. Asset Management, Vulnerability Scanning, and Patching
      3. Disrupting the Attack Chain
      4. Looking for the Executable Post-Attack
    3. Protecting Public-Facing Servers
    4. Alerting and Reacting Quickly
    5. Honeyfiles and Honeydirectories
    6. Summary
  8. 5. Protecting the Workforce
    1. Knowing the Risks and Targets
    2. Learning How to Prevent Compromises
      1. Email Attachment Scanning
      2. Tracking Down the Websites
    3. Testing and Teaching Users
      1. Security Awareness Training
      2. Phishing Users
    4. Post Ransomware
    5. Summary
  9. 6. Threat Intelligence and Ransomware
    1. Understanding the Latest Delivery Methods
    2. Using the Latest Network Indicators
    3. Detecting the Latest Behavioral Indicators
      1. User Behavior Analytics
    4. Summary
  10. III. Ransomware Families
  11. 7. Cerber
    1. Who Developed Cerber?
    2. The Encryption Process
      1. Cerber and BITS
    3. Protecting Against Cerber
    4. Summary
  12. 8. Locky
    1. Who Developed Locky?
    2. The Encryption Process
      1. Understanding Locky’s DGA
      2. Zepto and Bart Variants
      3. DLL Delivery
    3. Protecting Against Locky
      1. Block the Spam
      2. Disable Macros in Microsoft Office Documents
      3. Don’t Allow JavaScript Files to Execute Locally
      4. Stop the Initial Callout
      5. Reverse-Engineering the DGA
    4. Summary
  13. 9. CryptXXX
    1. Who Developed CryptXXX?
      1. Advanced Endpoint Protection Versus Sandboxing
      2. Crypt + XXX
    2. The Encryption Process
    3. Protecting Against CryptXXX
      1. Exploit Kits
      2. DNS Firewalls and IDS
      3. Stopping CryptXXX
    4. Summary
  14. 10. Other Ransomware Families
    1. CryptoWall
      1. Who Developed CryptoWall?
      2. The Encryption Process
    2. PowerWare
      1. The Encryption Process
      2. Protecting Against PowerWare
    3. Ransom32
    4. KeRanger/KeyRanger
    5. Hidden Tear
    6. TeslaCrypt
    7. Mobile Ransomware
    8. Ransomware Targeting Medical Devices
      1. Medical Devices
    9. Summary
  15. Index