Ransomware

Book description

The biggest online threat to businesses and consumers today is ransomware, a category of malware that can encrypt your computer files until you pay a ransom to unlock them. With this practical book, you’ll learn how easily ransomware infects your system and what steps you can take to stop the attack before it sets foot in the network.

Security experts Allan Liska and Timothy Gallo explain how the success of these attacks has spawned not only several variants of ransomware, but also a litany of ever-changing ways they’re delivered to targets. You’ll learn pragmatic methods for responding quickly to a ransomware attack, as well as how to protect yourself from becoming infected in the first place.

  • Learn how ransomware enters your system and encrypts your files
  • Understand why ransomware use has grown, especially in recent years
  • Examine the organizations behind ransomware and the victims they target
  • Learn how wannabe hackers use Ransomware as a Service (RaaS) to launch campaigns
  • Understand how ransom is paid—and the pros and cons of paying
  • Use methods to protect your organization’s workstations and servers

Table of contents

  1. Preface
    1. Conventions Used in This Book
    2. Using Code Examples
    3. O’Reilly Safari
    4. How to Contact Us
    5. Acknowledgments
  2. I. Understanding Ransomware
  3. 1. Introduction to Ransomware
    1. Ransomware’s Checkered Past
    2. Anatomy of a Ransomware Attack
      1. Deployment
      2. Installation
      3. Command-and-Control
      4. Destruction
      5. Extortion
    3. Destruction Phase
      1. File Encryption
      2. System or Browser Locking
    4. The Rapid Growth of Ransomware
      1. Other Factors
      2. Misleading Applications, FakeAV, and Modern Crypto Ransomware
    5. Summary
  4. 2. Pros and Cons of Paying the Ransom
    1. “Oh”
      1. Knowing What Is Actually Backed Up
      2. Knowing Which Ransomware Family Infected the System
    2. When to Pay the Ransom
    3. Ransomware and Reporting Requirements
      1. PCI DSS and Ransomware
      2. HIPAA
    4. Summary
  5. 3. Ransomware Operators and Targets
    1. Criminal Organizations
      1. TeslaCrypt
      2. CryptXXX
      3. CryptoWall
      4. Locky
      5. Ranscam
    2. Who Are Ransomware Groups Targeting?
      1. Evolving Targets
      2. Advanced Hacking Groups Move In
    3. Ransomware as a Service (RaaS)
      1. Different RaaS Models
      2. RaaS Disrupts Security Tools
    4. Summary
  6. II. Defensive Tactics
  7. 4. Protecting Workstations and Servers
    1. Attack Vectors for Ransomware
    2. Hardening the System and Restricting Access
      1. Time to Ditch Flash
      2. Asset Management, Vulnerability Scanning, and Patching
      3. Disrupting the Attack Chain
      4. Looking for the Executable Post-Attack
    3. Protecting Public-Facing Servers
    4. Alerting and Reacting Quickly
    5. Honeyfiles and Honeydirectories
    6. Summary
  8. 5. Protecting the Workforce
    1. Knowing the Risks and Targets
    2. Learning How to Prevent Compromises
      1. Email Attachment Scanning
      2. Tracking Down the Websites
    3. Testing and Teaching Users
      1. Security Awareness Training
      2. Phishing Users
    4. Post Ransomware
    5. Summary
  9. 6. Threat Intelligence and Ransomware
    1. Understanding the Latest Delivery Methods
    2. Using the Latest Network Indicators
    3. Detecting the Latest Behavioral Indicators
      1. User Behavior Analytics
    4. Summary
  10. III. Ransomware Families
  11. 7. Cerber
    1. Who Developed Cerber?
    2. The Encryption Process
      1. Cerber and BITS
    3. Protecting Against Cerber
    4. Summary
  12. 8. Locky
    1. Who Developed Locky?
    2. The Encryption Process
      1. Understanding Locky’s DGA
      2. Zepto and Bart Variants
      3. DLL Delivery
    3. Protecting Against Locky
      1. Block the Spam
      2. Disable Macros in Microsoft Office Documents
      3. Don’t Allow JavaScript Files to Execute Locally
      4. Stop the Initial Callout
      5. Reverse-Engineering the DGA
    4. Summary
  13. 9. CryptXXX
    1. Who Developed CryptXXX?
      1. Advanced Endpoint Protection Versus Sandboxing
      2. Crypt + XXX
    2. The Encryption Process
    3. Protecting Against CryptXXX
      1. Exploit Kits
      2. DNS Firewalls and IDS
      3. Stopping CryptXXX
    4. Summary
  14. 10. Other Ransomware Families
    1. CryptoWall
      1. Who Developed CryptoWall?
      2. The Encryption Process
    2. PowerWare
      1. The Encryption Process
      2. Protecting Against PowerWare
    3. Ransom32
    4. KeRanger/KeyRanger
    5. Hidden Tear
    6. TeslaCrypt
    7. Mobile Ransomware
    8. Ransomware Targeting Medical Devices
      1. Medical Devices
    9. Summary
  15. Index

Product information

  • Title: Ransomware
  • Author(s): Allan Liska, Timothy Gallo
  • Release date: November 2016
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781491967881