Table of Contents for Ransomware
by Timothy Gallo, Allan Liska
Preface
Conventions Used in This Book
Using Code Examples
O’Reilly Safari
How to Contact Us
Acknowledgments
I. Understanding Ransomware
1. Introduction to Ransomware
Ransomware’s Checkered Past
Anatomy of a Ransomware Attack
Deployment
Installation
Command-and-Control
Destruction
Extortion
Destruction Phase
File Encryption
System or Browser Locking
The Rapid Growth of Ransomware
Other Factors
Misleading Applications, FakeAV, and Modern CryptoRansomware
Summary
2. Pros and Cons of Paying the Ransom
“Oh”
Knowing What Is Actually Backed Up
Knowing Which Ransomware Family Infected the System
When to Pay the Ransom
Ransomware and Reporting Requirements
PCI DSS and Ransomware
HIPAA
Summary
3. Ransomware Operators and Targets
Criminal Organizations
TeslaCrypt
CryptXXX
CryptoWall
Locky
Ranscam
Who Are Ransomware Groups Targeting?
Evolving Targets
Advanced Hacking Groups Move In
Ransomware as a Service (RaaS)
Different RaaS Models
RaaS Disrupts Security Tools
Summary
II. Defensive Tactics
4. Protecting Workstations and Servers
Attack Vectors for Ransomware
Hardening the System and Restricting Access
Time to Ditch Flash
Asset Management, Vulnerability, Scanning, and Patching
Disrupting the Attack Chain
Looking for the Executable Post-Attack
Protecting Public-Facing Servers
Alerting and Reacting Quickly
Honeyfiles and Honeydirectories
Summary
5. Protecting the Workforce
Knowing the Risks and Targets
Learning How to Prevent Compromises
Email Attachment Scanning
Tracking Down the Websites
Testing and Teaching Users
Security Awareness Training
Phishing Users
Post Ransomware
Summary
6. Threat Intelligence and Ransomware
Understanding the Latest Delivery Methods
Using the Latest Network Indicators
Detecting the Latest Behavioral Indicators
User Behavior Analytics
Summary
III. Ransomware Families
7. Cerber
Who Developed Cerber?
The Encryption Process
Cerber and BITS
Protecting Against Cerber
Summary
8. Locky
Who Developed Locky?
The Encryption Process
Understanding Locky’s DGA
Zepto and Bart Variants
DLL Delivery
Protecting Against Locky
Block the Spam
Disable Macros in Microsoft Office Documents
Don’t Allow JavaScript Files to Execute Locally
Stop the Initial Callout
Reverse-Engineering the DGA
Summary
9. CryptXXX
Who Developed CryptXXX?
Advanced Endpoint Protection Versus Sandboxing
Crypt + XXX
The Encryption Process
Protecting Against CryptXXX
Exploit Kits
DNS Firewalls and IDS
Stopping CryptXXX
Summary
10. Other Ransomware Families
CryptoWall
Who Developed CryptoWall?
The Encryption Process
PowerWare
The Encryption Process
Protecting Against PowerWare
Ransom32
KeRanger/KeyRanger
Hidden Tear
TeslaCrypt
Mobile Ransomware
Ransomware Targeting Medical Devices
Medical Devices
Summary
Index