Chapter 1. Introduction to Ransomware
Ransomware is a blanket term used to describe a class of malware that is used to digitally extort victims into payment of a specific fee. In this book we want to give you a high-level introduction to the concept of ransomware and then dig deeply into the methods you can use to protect yourself from this scourge. In this first chapter we will cover a bit of the history of ransomware as well as give an overview of the ransomware attack chain.
At its heart, this form of digital extortion can be broken down into two major types, and then subdivided based on the families they represent. The two major forms of ransomware are those that encrypt, obfuscate, or deny access to files, and those that restrict access or lock users out of the systems themselves. These threats are not limited to any particular geography or operating system, and can take action on any number of devices. Android devices, iOS systems, and Windows systems are all at risk of this type of exploitation via ransomware. Depending on the target, the method of compromising the device may differ, and the final actions taken are limited by the capabilities of the device itself, but there are also recognizable patterns that many extortionists follow.
Ransomware’s Checkered Past
Historically, ransomware dates back to an original piece of malicious code, known as AIDS, written in 1989 by Joseph Popp. That original malicious code would replace AUTOEXEC.BAT on infected ...