book

Ransomware

by Allan Liska, Timothy Gallo

November 2016

Beginner to intermediate

187 pages

5h 18m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Conventions Used in This BookUsing Code ExamplesO’Reilly SafariHow to Contact UsAcknowledgments
Ransomware’s Checkered PastAnatomy of a Ransomware AttackDeploymentInstallationCommand-and-ControlDestructionExtortionDestruction PhaseFile EncryptionSystem or Browser LockingThe Rapid Growth of RansomwareOther FactorsMisleading Applications, FakeAV, and Modern CrytpoRansomwareSummary
“Oh”Knowing What Is Actually Backed UpKnowing Which Ransomware Family Infected the SystemWhen to Pay the RansomRansomware and Reporting RequirementsPCI DSS and RansomwareHIPPASummary
Criminal OrganizationsTeslaCryptCryptXXXCryptoWallLockyRanscamWho Are Ransomware Groups Targeting?Evolving TargetsAdvanced Hacking Groups Move InRansomware as a Service (RaaS)Different RaaS ModelsRaaS Disrupts Security ToolsSummary
Attack Vectors for RansomwareHardening the System and Restricting AccessTime to Ditch FlashAsset Management, Vulnerability, Scanning, and PatchingDisrupting the Attack ChainLooking for the Executable Post-AttackProtecting Public-Facing ServersAlerting and Reacting QuicklyHoneyfiles and HoneydirectoriesSummary
Knowing the Risks and TargetsLearning How to Prevent CompromisesEmail Attachment ScanningTracking Down the WebsitesTesting and Teaching UsersSecurity Awareness TrainingPhishing UsersPost RansomwareSummary
Understanding the Latest Delivery MethodsUsing the Latest Network IndicatorsDetecting the Latest Behavioral IndicatorsUser Behavior AnalyticsSummary

Who Developed Cerber?The Encryption ProcessCerber and BITSProtecting Against CerberSummary
Who Developed Locky?The Encryption ProcessUnderstanding Locky’s DGAZepto and Bart VariantsDLL DeliveryProtecting Against LockyBlock the SpamDisable Macros in Microsoft Office DocumentsDon’t Allow JavaScript Files to Execute LocallyStop the Initial CalloutReverse-Engineering the DGASummary
Who Developed CryptXXX?Advanced Endpoint Protection Versus SandboxingCrypt + XXXThe Encryption ProcessProtecting Against CryptXXXExploit KitsDNS Firewalls and IDSStopping CryptXXXSummary
CryptoWallWho Developed CryptoWall?The Encryption ProcessPowerWareThe Encryption ProcessProtecting Against PowerWareRansom32KeRanger/KeyRangerHidden TearTeslaCryptMobile RansomwareRansomware Targeting Medical DevicesMedical DevicesSummary

Overview

The biggest online threat to businesses and consumers today is ransomware, a category of malware that can encrypt your computer files until you pay a ransom to unlock them. With this practical book, you’ll learn how easily ransomware infects your system and what steps you can take to stop the attack before it sets foot in the network.

Security experts Allan Liska and Timothy Gallo explain how the success of these attacks has spawned not only several variants of ransomware, but also a litany of ever-changing ways they’re delivered to targets. You’ll learn pragmatic methods for responding quickly to a ransomware attack, as well as how to protect yourself from becoming infected in the first place.

Learn how ransomware enters your system and encrypts your files
Understand why ransomware use has grown, especially in recent years
Examine the organizations behind ransomware and the victims they target
Learn how wannabe hackers use Ransomware as a Service (RaaS) to launch campaigns
Understand how ransom is paid—and the pros and cons of paying
Use methods to protect your organization’s workstations and servers