Ransomware and Cyber Extortion: Response and Prevention, 1st edition

Published by Addison-Wesley Professional (October 18, 2022) © 2022

  • Sherri Davidoff
  • Matt Durrin
  • Karen Sprenger
Products list
  • Available for purchase from all major ebook resellers, including InformIT.com
Products list

Details

  • A print text
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com

This product is expected to ship within 3-6 business days for US and 5-10 business days for Canadian customers.

Today, ransomware is causing dangerous operational failures, financial catastrophes, multi-million-dollar losses, and in some cases, deaths. Ransomware is even undermining the security of nation-states and becoming a contentious issue in international diplomacy. In Ransomware and Cyber Extortion: Response and Prevention, Sherri Davidson and her internationally renowned team of cybersecurity experts offer new insights and well-structured best practices for the entire lifecycle: prevention, detection, mitigation, remediation, and recovery.

Drawing on deep experience consulting with (and negotiating for) ransomware victims, the authors reveal how cyber extortionists now operate, and show how to limit damage, avoid costly mistakes, and reduce future risks. Their real-world case studies help you understand crucial complexities of ransomware response, and address issues ranging from avoiding reinfection to filing insurance claims.

Designed for easy use when you're under the most pressure, Ransomware and Cyber Extortion contains clear, visual tips for communication, time management, and preparation, cloud-specific issues, and much more. If you haven't faced a ransomware attack yet, count yourself lucky, and get this guide today—so you can prepare, before it's too late.

Preface xxi
Acknowledgments xxvii
About the Authors xxix

Chapter 1: Impact 1
1.1 A Cyber Epidemic 3
1.2 What Is Cyber Extortion? 4
1.3 Impacts of Modern Cyber Extortion 7
1.4 Victim Selection 15
1.5 Scaling Up 18
1.6 Conclusion 24
1.7 Your Turn! 24

Chapter 2: Evolution 27
2.1 Origin Story 28
2.2 Cryptoviral Extortion 29
2.3 Early Extortion Malware 30
2.4 Key Technological Advancements 31
2.5 Ransomware Goes Mainstream 38
2.6 Ransomware-as-a-Service 39
2.7 Exposure Extortion 40
2.8 Double Extortion 43
2.9 An Industrial Revolution 45
2.10 Conclusion 60
2.11 Your Turn! 61

Chapter 3: Anatomy of an Attack 63
3.1 Anatomy Overview 63
3.2 Entry 65
3.3 Expansion 72
3.4 Appraisal 76
3.5 Priming 77
3.6 Leverage 80
3.7 Extortion 85
3.8 Conclusion 88
3.9 Your Turn! 88

Chapter 4: The Crisis Begins! 91
4.1 Cyber Extortion Is a Crisis 92
4.2 Detection 93
4.3 Who Should Be Involved? 94
4.4 Conduct Triage 98
4.5 Assess Your Resources 102
4.6 Develop the Initial Response Strategy 105
4.7 Communicate 107
4.8 Conclusion 112
4.9 Your Turn! 112

Chapter 5: Containment 115
5.1 The Need for Speed 116
5.2 Gain Access to the Environment 117
5.3 Halting Encryption/Deletion 118
5.4 Disable Persistence Mechanisms 121
5.5 Halting Data Exfiltration 123
5.6 Resolve Denial-of-Service Attacks 124
5.7 Lock Out the Hackers 125
5.8 Hunt for Threats 129
5.9 Taking Stock 133
5.10 Conclusion 134
5.11 Your Turn! 134

Chapter 6: Investigation 137
6.1 Research the Adversary 138
6.2 Scoping 146
6.3 Breach Investigation or Not? 150
6.4 Evidence Preservation 152
6.5 Conclusion 160
6.6 Your Turn! 161

Chapter 7: Negotiation 163
7.1 It's a Business 164
7.2 Establish Negotiation Goals 165
7.3 Outcomes 169
7.4 Communication Methods 171
7.5 Pressure Tactics 173
7.6 Tone, Timeliness, and Trust 176
7.7 First Contact 178
7.8 Sharing Information 179
7.9 Common Mistakes 182
7.10 Proof of Life 183
7.11 Haggling 186
7.12 Closing the Deal 189
7.13 Conclusion 190
7.14 Your Turn! 191

Chapter 8: Payment 193
8.1 To Pay or Not to Pay? 194
8.2 Forms of Payment 197
8.3 Prohibited Payments 198
8.4 Payment Intermediaries 201
8.5 Timing Issues 202
8.6 After Payment 204
8.7 Conclusion 205
8.8 Your Turn! 206

Chapter 9: Recovery 209
9.1 Back up Your Important Data 210
9.2 Build Your Recovery Environment 211
9.3 Set up Monitoring and Logging 214
9.4 Establish Your Process for Restoring Individual Computers 217
9.5 Restore Based on an Order of Operations 219
9.6 Restoring Data 224
9.7 Decryption 227
9.8 It's Not Over 234
9.9 Adapt 235
9.10 Conclusion 236
9.11 Your Turn! 236

Chapter 10: Prevention 239
10.1 Running an Effective Cybersecurity Program 240
10.2 Preventing Entry 250
10.3 Detecting and Blocking Threats 258
10.4 Operational Resilience 261
10.5 Reducing Risk of Data Theft 267
10.6 Solving the Cyber Extortion Problem 269
10.7 Conclusion 274
10.8 Your Turn! 274

Afterword 277

Checklist A: Cyber Extortion Response 279

Checklist B: Resources to Create in Advance 285

Checklist C: Planning Your Response 291

Checklist D: Running an Effective Cybersecurity Program 293

Index 299

Need help? Get in touch