Incident Response Techniques for Ransomware Attacks

Understand modern ransomware attacks and build an incident response strategy to work through them

Oleg Skulkin

BIRMINGHAM—MUMBAI

Incident Response Techniques for Ransomware Attacks

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha

Publishing Product Manager: Shrilekha Inani

Senior Editor: Sangeeta Purkayastha

Content Development Editor: Nihar Kapadia

Technical Editor: Shruthi Shetty

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Pratik Shirodkar

Production Designer: Alishon Mendonca

Marketing Coordinator: Hemangi Lotlikar

First published: March 2022

Production reference: 1090322

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80324-044-2

www.packt.com

Contributors

About the author

Oleg Skulkin is the head of the Digital Forensics and Incident Response Team at Group-IB. Oleg has worked in the fields of digital forensics, incident response, and cyber threat intelligence and research for over a decade, fueling his passion for uncovering new techniques used by hidden adversaries. Oleg has authored and coauthored multiple blog posts, papers, and books on related topics and holds GCFA and GCTI certifications. You can contact him on Twitter at oskulkin.

I would like to thank my team at Group-IB, as well as other colleagues from various cyber security companies, who always inspire me with their outstanding research. Also, I would like to thank the Packt team for this opportunity and their help, as well as Ricoh Danielson, who provided very valuable feedback as the technical reviewer.

About the reviewer

Ricoh Danielson has elaborate experience in handling cyber incident response, cyber security, information security, privacy, and compliance. Ricoh has helped major retail, financial, and health care organizations mitigate threats and risks. Ricoh is a digital forensics expert for criminal and civil cases.

Ricoh has handled cyber incidents for major, world-renowned health care, financial, and retail firms. Ricoh is a graduate of Thomas Jefferson School of Law, a graduate of UCLA, a graduate of Arizona, and a US Army combat veteran.