Index
A
- access restriction, Shadow copy
- acknowledgments, Acknowledgments
- active scripting languages, Don’t Allow JavaScript Files to Execute Locally
- ad blockers, DGAs
- Adobe Flash, Installation, Locky, Attack Vectors for Ransomware, Time to Ditch Flash, Asset Management, Vulnerability, Scanning, and Patching, Locky, Protecting Against CryptXXX
- Adobe Reader, Protecting Workstations and Servers, Asset Management, Vulnerability, Scanning, and Patching, Exploit Kits
- advanced endpoint protection, Advanced Endpoint Protection Versus Sandboxing-Advanced Endpoint Protection Versus Sandboxing
- advanced persistent threat (APT), Advanced Hacking Groups Move In
- AES encryption, Asymmetric key encryption
- affiliate ID (affid), Locky
- affiliate models, Different RaaS Models
- Afraidgate, Who Developed Locky?
- AIDS (malicious code), Ransomware’s Checkered Past
- AIDSOUT, Ransomware’s Checkered Past
- alerts, Stopping the attack during the encryption process, Alerting and Reacting Quickly
- Android devices
- Angler exploit kit, CryptXXX, Time to Ditch Flash, Understanding the Latest Delivery Methods, CryptXXX, Crypt + XXX, Protecting Against CryptXXX, Exploit Kits
- Anomali, Using the Latest Network Indicators
- anti-malware software
- antispyware tools, Misleading Applications, FakeAV, and Modern CrytpoRansomware
- antivirus software
- app stores, Mobile Ransomware
- Apple Gatekeeper System, KeRanger/KeyRanger
- Apple iPhone, Mobile Ransomware
- Apple OS X, KeRanger/KeyRanger
- Apple Safari, Asset Management, Vulnerability, Scanning, and Patching
- Apple Watch, Ransomware Targeting Medical Devices
- AppLocker, Preventing ransomware from executing
- APT (see advanced persistent threat)
- asset management, Asset Management, Vulnerability, Scanning, and Patching
- asymmetric key encryption, File Encryption, Asymmetric key encryption
- attack chain, disrupting
- attacks
- basic anatomy of, Anatomy of a Ransomware Attack, Pros and Cons of Paying the Ransom, Disrupting the Attack Chain
- combination attacks, Who Developed Cerber?
- defeating, Pros and Cons of Paying the Ransom, CryptXXX, RaaS Disrupts Security Tools, Protecting Workstations and Servers, Disrupting the Attack Chain, Ransomware Families, Summary
- detecting, Stopping the attack during the encryption process, Honeyfiles and Honeydirectories, Threat Intelligence and Ransomware, Using the Latest Network Indicators, Who Developed Cerber?
- lack of patterns in, Ransomware Operators and Targets
- phase 1: deployment, Deployment
- phase 2: installation, Installation
- phase 3: command-and-control, Command-and-Control
- phase 4: destruction, Destruction
- phase 5: extortion, Extortion
- ransomware vs. other types of, Ransomware Operators and Targets
- reporting requirements, Ransomware and Reporting Requirements-HIPPA
- social-engineering attacks, Phishing Users
- susceptibility to repeat, When to Pay the Ransom
- threatened, Ranscam
- vectors for, Attack Vectors for Ransomware-Protecting Workstations and Servers
- zero-day attacks, PCI DSS and Ransomware, Protecting Against CryptXXX, Asset Management, Vulnerability, Scanning, and Patching
- attributions, Using Code Examples
- auto-run registry entries, Shadow copy
B
- backup files
- Balabit Blindspotter, Knowing the Risks and Targets
- banking trojans, Locky, Who Developed Locky?, CryptXXX
- bare-metal detonation, Deployment, DGAs
- Bart (Locky variant), Zepto and Bart Variants
- Bates, Jim, Ransomware’s Checkered Past
- BCDEdit, Installation
- Bedep, Criminal Organizations, Time to Ditch Flash, CryptXXX
- behavior analytics, User Behavior Analytics
- behavioral indicators, Detecting the Latest Behavioral Indicators, Advanced Endpoint Protection Versus Sandboxing
- Betabot trojan, Who Developed Cerber?
- Bitcoin
- BitTorrent, KeRanger/KeyRanger
- BITS (see Microsoft Background Intelligent Transfer Service)
- blacklisting, Preventing ransomware from executing, DGAs
- Blindspotter, Knowing the Risks and Targets
- Booz Allen Hamilton, Security Awareness Training
- botnets, Ransomware as a Service (RaaS)
- breach disclosure laws, When to Pay the Ransom
- browser locking, System or Browser Locking-System or Browser Locking
- browser plug-ins, Exploit Kits
- Business Club, Locky
C
- canary files, Honeyfiles and Honeydirectories
- Capture the Flag (CTF) events, Security Awareness Training
- Carbon Black, Preventing ransomware from executing, Shadow copy, Advanced Endpoint Protection Versus Sandboxing, PowerWare
- cardholder data environment (CDE), PCI DSS and Ransomware
- CDE (see cardholder data environment)
- Cerber
- characteristics of, Cerber
- command-and-control in, Disrupting command-and-control at the desktop
- criminal organization behind, Cerber
- deletion of original executable in, Looking for the Executable Post-Attack
- delivery of, Time to Ditch Flash, Cerber
- detecting, Who Developed Cerber?
- embedded sound file in, Cerber
- encryption process, Stopping the attack during the encryption process, The Encryption Process-Cerber and BITS
- installation of, Who Developed Cerber?
- keyboard layouts avoided by, The Encryption Process
- malware bundles, Who Developed Cerber?
- overview of, Summary
- protecting against, Protecting Against Cerber
- RaaS version of, Different RaaS Models
- ransom payment terms, Cerber
- ransoms collected by, Cerber
- VSS deletion by, Shadow copy
- Checkpoint, Cerber, The Encryption Process
- Cisco, Protecting Public-Facing Servers, Block the Spam, Advanced Endpoint Protection Versus Sandboxing
- CLEARAID, Ransomware’s Checkered Past
- code examples, using, Using Code Examples
- code sharing, Ransomware Operators and Targets
- cold boot attacks, Symmetric Key Encryption
- combination attacks, Who Developed Cerber?
- command-and-control phase, Command-and-Control, Disrupting command-and-control at the desktop-Disrupting command-and-control at the desktop
- comments/contact information
- common platform enumeration (CPE), Asset Management, Vulnerability, Scanning, and Patching
- common vulnerabilities and exposures (CVEs), Asset Management, Vulnerability, Scanning, and Patching-Asset Management, Vulnerability, Scanning, and Patching
- common vulnerability scoring system (CVSS), Asset Management, Vulnerability, Scanning, and Patching
- compliance, validating, Asset Management, Vulnerability, Scanning, and Patching
- compressed files, Locky, Advanced Hacking Groups Move In, Stopping the attack during the encryption process, Understanding the Latest Delivery Methods, DLL Delivery
- compromises, preventing, Learning How to Prevent Compromises
- content management systems (CMSs), Protecting Public-Facing Servers
- control points, Knowing the Risks and Targets
- Corvil, Asset Management, Vulnerability, Scanning, and Patching
- country code TLDs (ccTLDs), Disrupting command-and-control at the desktop
- credit card reward scams, Understanding the Latest Delivery Methods
- criminal organizations
- Cerber, Cerber, Who Developed Cerber?
- CryptoWall, CryptoWall, Who Developed CryptoWall?
- CryptXXX, CryptXXX, Who Developed CryptXXX?-Crypt + XXX
- forced to shut down, Ransomware Families
- Locky, Locky, Who Developed Locky?
- motivating factors behind, Criminal Organizations
- Ranscam, Ranscam
- TeslaCrypt, TeslaCrypt
- CrowdStrike, Advanced Endpoint Protection Versus Sandboxing
- CryLocker, Handshake and key exchange
- crypt32.dll, Stopping the attack during the encryption process, Ransom32
- cryptocurrency, Ransomware’s Checkered Past, The global availability of cryptocurrency
- CryptoDefense, Asymmetric key encryption
- CryptoLocker
- cryptovirology, Ransomware’s Checkered Past
- CryptoWall
- CryptXXX
- behavioral indicators and, Detecting the Latest Behavioral Indicators
- command-and-control in, Disrupting command-and-control at the desktop
- criminal organization behind, CryptXXX, Who Developed CryptXXX?-Crypt + XXX
- decryption tools, Crypt + XXX
- delayed launch of, Advanced Endpoint Protection Versus Sandboxing
- delivery of, Time to Ditch Flash, CryptXXX
- DLL delivery method, DLL Delivery, CryptXXX, Stopping CryptXXX
- encryption process, The Encryption Process-The Encryption Process
- overview of, Summary
- packer used by, Looking at packers and the registry
- protecting against, Protecting Against CryptXXX-Stopping CryptXXX
- ransoms collected by, Criminal Organizations
- release schedule, Crypt + XXX
- stopping, Stopping CryptXXX
- unique characteristics of, Stopping CryptXXX
- versions of, Advanced Endpoint Protection Versus Sandboxing
- CTB-Locker
- culture of security, Email Attachment Scanning
- cutting your losses, When to Pay the Ransom
- cyber espionage activity, Advanced Hacking Groups Move In
- Cyber Security Month, Security Awareness Training
- Cyber Threat Alliance, Using the Latest Network Indicators
- CyberArk Privileged Session Manager, Knowing the Risks and Targets
- Cylance, Disrupting command-and-control at the desktop, Advanced Endpoint Protection Versus Sandboxing
D
- Dark Web, Ransomware as a Service (RaaS)
- Darktrace Threat Visualizer, Detecting the Latest Behavioral Indicators
- data
- data-based individualization standards, Knowing the Risks and Targets
- DDoS (see distributed denial of service)
- decryptors
- deep forensic analysis, Looking for the Executable Post-Attack
- delivery methods, Understanding the Latest Delivery Methods-Understanding the Latest Delivery Methods
- deployment phase, Deployment, Understanding the Latest Delivery Methods-Understanding the Latest Delivery Methods
- destruction phase, Destruction-System or Browser Locking
- Developer IDs, KeRanger/KeyRanger
- devices at risk, Introduction to Ransomware
- differential backups, Knowing What Is Actually Backed Up
- directory sinkholes, Honeyfiles and Honeydirectories
- disclosure laws, When to Pay the Ransom
- distraction tools, Advanced Hacking Groups Move In
- distributed denial of service (DDoS), Advanced Hacking Groups Move In
- DLL delivery method, DLL Delivery, CryptXXX, Stopping CryptXXX
- DNS cache poisoning, DGAs
- DNS firewalls, Reverse-Engineering the DGA, DNS firewalls
- DNS security products, DGAs
- domain blocking, DNS Firewalls and IDS
- domain generation algorithms (DGAs), Dynamic DNS, Disrupting command-and-control at the desktop, DGAs, Understanding Locky’s DGA, Reverse-Engineering the DGA
- Dridex botnet, Locky, Who Developed Locky?
- drive-by download, Deployment
- dynamic DNS, Dynamic DNS
E
- edge sandboxing, Deployment
- edge-detection mechanisms, Protecting Workstations and Servers
- electronic protected health information (ePHI), Ransomware and Reporting Requirements
- email
- attachments, Locky, Email Attachment Scanning
- attack chain of infected, Disrupting the Attack Chain
- choosing protection systems, Advanced Hacking Groups Move In, Protecting Workstations and Servers, Block the Spam
- free email providers, Block the Spam
- handling, Email Attachment Scanning
- links/URLs in, Tracking Down the Websites-DGAs, Using the Latest Network Indicators
- malware delivery through, Understanding the Latest Delivery Methods
- phishing, Deployment, Phishing Users
- recognizing scams, Understanding the Latest Delivery Methods
- screening failures, Protecting Workstations and Servers
- spam blocking, Block the Spam-Block the Spam
- subject line indicators, Using the Latest Network Indicators, Block the Spam
- threat recognition training, Security Awareness Training
- threatening attacks, Ranscam
- encryption process
- Encryptor
- end-point protection tools, Shadow copy, Advanced Endpoint Protection Versus Sandboxing-Advanced Endpoint Protection Versus Sandboxing
- end-user protection, Protecting the Workforce, Keeping users informed
- (see also workforce protection)
- Endpoint, Asset Management, Vulnerability, Scanning, and Patching
- "enticing" filenames, Don’t Allow JavaScript Files to Execute Locally
- ePHI (see electronic protected health information)
- eSentire, Reverse-Engineering the DGA, DNS firewalls
- ESET antivirus company, TeslaCrypt
- Evil Corp., Locky
- executable files, Looking for the Executable Post-Attack
- execution, preventing, Preventing ransomware from executing-Preventing ransomware from executing
- exploit kits, CryptoWall, Different RaaS Models, Hardening the System and Restricting Access-Preventing ransomware from executing, Understanding the Latest Delivery Methods, Who Developed Cerber?, CryptXXX, Protecting Against CryptXXX-Exploit Kits
- exploitation of vulnerabilities, Deployment
- exploited PDFs, Installation
F
- fake antivirus (AV) software, Misleading Applications, FakeAV, and Modern CrytpoRansomware, Locky
- fall-back IP addresses, Disrupting command-and-control at the desktop, Reverse-Engineering the DGA
- Family Educational Rights and Privacy Act (FERPA), Ransomware and Reporting Requirements
- fear-based systems, Threat Intelligence and Ransomware
- FERPA (see Family Educational Rights and Privacy Act)
- file size, Stopping the attack during the encryption process
- Financial Services ISAC (FS-ISAC), Hardening the System and Restricting Access
- fingerprinting, Exploit Kits
- FireEye, TeslaCrypt, Disrupting command-and-control at the desktop, Using the Latest Network Indicators, Block the Spam, Advanced Endpoint Protection Versus Sandboxing
- FireEye EX, Tracking Down the Websites
- FireEye NX, Protecting Workstations and Servers
- firewalls, Reverse-Engineering the DGA, DNS firewalls
- Flash (see Adobe Flash)
- forensic analysis, Looking for the Executable Post-Attack
- free email providers, Block the Spam
- Free Forensics, Honeyfiles and Honeydirectories
G
- gaming files, TeslaCrypt
- Gatekeeper System, KeRanger/KeyRanger
- generic TLDs (gTLDs), Disrupting command-and-control at the desktop
- GIFs, Destruction
- GLBA (see Gramm-Leach Bliley Act)
- global security risks, Learning How to Prevent Compromises
- Google Chrome, Asset Management, Vulnerability, Scanning, and Patching, Post Ransomware, Ransom32
- Google Play app store, Mobile Ransomware
- Gpcoder, Ransomware Operators and Targets
- GPOs (see group policy objects)
- Gramm-Leach Bliley Act (GLBA), Ransomware and Reporting Requirements
- Grayda, Jose, Reverse-Engineering the DGA
- group policy objects (GPOs), Advanced Hacking Groups Move In, Protecting Workstations and Servers, Preventing ransomware from executing
H
- handshake protocols, Handshake and key exchange
- Health Insurance Portability & Accountability Act (HIPAA), Ransomware and Reporting Requirements, HIPPA
- Hidden Tear, Hidden Tear
- HIPAA (see Health Insurance Portability & Accountability Act)
- home computer users, Evolving Targets, Advanced Hacking Groups Move In
- honeyfiles and honeydirectories, Honeyfiles and Honeydirectories-Honeyfiles and Honeydirectories
- honeypot concept, Honeyfiles and Honeydirectories
- HPE Real User Monitoring, Knowing the Risks and Targets
- HTTP protocol, Command-and-Control
- Hunt, Kris, Reverse-Engineering the DGA
I
- Imgur, Handshake and key exchange
- incident-response teams, Advanced Endpoint Protection Versus Sandboxing
- incremental backups, Knowing What Is Actually Backed Up
- indicators of compromise (IOCs), CryptXXX, DGAs, Using the Latest Network Indicators-User Behavior Analytics
- industrial control systems, Knowing the Risks and Targets
- Infoblox, DGAs
- information architecture, Knowing the Risks and Targets
- information association techniques, DGAs
- information sharing and analysis centers (ISACs), HIPPA, Hardening the System and Restricting Access, Threat Intelligence and Ransomware, DNS firewalls
- information stealers, Locky, Who Developed Cerber?, CryptXXX
- informative redirect pages, Keeping users informed
- ingress/egress points, Knowing the Risks and Targets
- installation phase, Installation
- intellectual property, Knowing the Risks and Targets, Learning How to Prevent Compromises
- INTelligence sources (OSINT), DGAs
- Internet of Things (IoT), Ransomware Targeting Medical Devices
- Internet-accessible systems
- intrusion detection systems (IDS), Protecting Workstations and Servers, Challenges with domain blocking-Using an IDS
- inventory information, Asset Management, Vulnerability, Scanning, and Patching
- Invincea, Who Developed Cerber?
- invoice scams, Understanding the Latest Delivery Methods, Block the Spam
- IOCs (see indicators of compromise)
- iOS devices
- ISACs (see information sharing and analysis centers)
- iTunes gift cards, Mobile Ransomware
J
- jailbroken devices, Installation
- Java, Installation, Protecting Against CryptXXX
- JavaScript, System or Browser Locking, Locky, Attack Vectors for Ransomware, Stopping the attack during the encryption process, DGAs, Don’t Allow JavaScript Files to Execute Locally-Don’t Allow JavaScript Files to Execute Locally, Exploit Kits, Ransom32
- JBoss Management Console, Advanced Hacking Groups Move In
- JBoss servers, Protecting Public-Facing Servers
- JexBoss, Protecting Public-Facing Servers
- Joomla, DNS Firewalls and IDS
- JPGs, Destruction
- junk folder (email), Block the Spam
- just-in-time (JIT) connections, DGAs
L
- learning management systems, Security Awareness Training
- links (in emails), Tracking Down the Websites-DGAs
- locker ransomware, Misleading Applications, FakeAV, and Modern CrytpoRansomware
- locking, system or browser, System or Browser Locking-System or Browser Locking
- Locky
- Bart variant, Zepto and Bart Variants
- command-and-control in, Disrupting command-and-control at the desktop, Stop the Initial Callout-Reverse-Engineering the DGA
- criminal organization behind, Locky, Who Developed Locky?
- decryption of, Locky
- delivery of, Time to Ditch Flash, Locky, DLL Delivery, Disable Macros in Microsoft Office Documents
- DGA use in, Disrupting command-and-control at the desktop, Understanding Locky’s DGA, Reverse-Engineering the DGA
- encryption process, Stopping the attack during the encryption process, The Encryption Process-DLL Delivery
- offline operation of, The Encryption Process
- overview of, Summary
- packer used by, Looking at packers and the registry
- protecting against, Protecting Against Locky-Reverse-Engineering the DGA
- Zepto variant, Zepto and Bart Variants
- logging, Preventing ransomware from executing, Alerting and Reacting Quickly, Detecting the Latest Behavioral Indicators
- longest meaningful string (LMS), Disrupting command-and-control at the desktop
- Lukas Hospital, Advanced Hacking Groups Move In
- lures, Block the Spam
M
- macros
- Magnitude exploit kit, CryptoWall, Time to Ditch Flash, Who Developed Cerber?
- mail security services, Locky
- malvertising, CryptoWall, Attack Vectors for Ransomware, DGAs, Understanding the Latest Delivery Methods, Locky, Mobile Ransomware
- Malware Domain List, DNS Firewalls and IDS
- Malware-Traffic-Analysis, Exploit Kits
- manufacturing, Knowing the Risks and Targets
- McAfee, Misleading Applications, FakeAV, and Modern CrytpoRansomware, Asset Management, Vulnerability, Scanning, and Patching, Using the Latest Network Indicators
- MD5 hash, Installation
- meaningless domains, DGAs
- medical devices
- Microsoft Background Intelligent Transfer Service (BITS), Cerber and BITS
- Microsoft Group Policy Management Console (GPMC), Preventing ransomware from executing
- Microsoft Internet Explorer, Asset Management, Vulnerability, Scanning, and Patching
- Microsoft Office, Locky, Evolving Targets, Protecting Workstations and Servers, Asset Management, Vulnerability, Scanning, and Patching, Disrupting the Attack Chain, Post Ransomware, Disable Macros in Microsoft Office Documents
- Microsoft Office documents, Destruction
- Microsoft Publisher, Protecting Workstations and Servers
- Microsoft Silverlight, Protecting Against CryptXXX
- Microsoft Visio, Protecting Workstations and Servers
- Microsoft Windows, Unpatched medical devices
- Microsoft Windows AppLocker, Preventing ransomware from executing
- Microsoft Word, Asset Management, Vulnerability, Scanning, and Patching
- microvirtualized instances, Protecting Workstations and Servers
- Mischa, Pros and Cons of Paying the Ransom
- misleading applications, Misleading Applications, FakeAV, and Modern CrytpoRansomware, Mobile Ransomware
- mobile devices
- mobile ransomware, Mobile Ransomware
- MoneyPak, Ransomware’s Checkered Past
- monitoring programs, Alerting and Reacting Quickly
- Mozilla Firefox, Asset Management, Vulnerability, Scanning, and Patching
- msramdump, Symmetric Key Encryption
N
- Necurs botnet, Who Developed Locky?
- network access control (NAC), Asset Management, Vulnerability, Scanning, and Patching
- network indicators, Using the Latest Network Indicators
- networked drives, Knowing What Is Actually Backed Up
- Neurevt, Who Developed Cerber?
- Neutrino exploit kit, Locky, Understanding the Latest Delivery Methods, Who Developed Cerber?, Locky, Who Developed Locky?, CryptXXX, Protecting Against CryptXXX, Exploit Kits, Using an IDS
- No More Ransom team, Knowing Which Ransomware Family Infected the System, Protecting Against CryptXXX
- node webkits, Ransom32
- Nominum, Disrupting command-and-control at the desktop, Reverse-Engineering the DGA
- Norton, Misleading Applications, FakeAV, and Modern CrytpoRansomware
- Nuclear exploit kit, CryptoWall, Locky, Time to Ditch Flash
- NW.js framework, Stopping the attack during the encryption process
P
- packers, Looking at packers and the registry
- Palo Alto, Protecting Workstations and Servers, Who Developed Locky?, Advanced Endpoint Protection Versus Sandboxing, KeRanger/KeyRanger
- patches, Asset Management, Vulnerability, Scanning, and Patching-Asset Management, Vulnerability, Scanning, and Patching, Unpatched medical devices
- paying the ransom
- enforcing payment, Extortion, Cerber, Mobile Ransomware
- knowing the value of your data, Knowing Which Ransomware Family Infected the System, Knowing the Risks and Targets
- knowing what is backed up, Knowing What Is Actually Backed Up
- knowing which ransomware is present, Knowing Which Ransomware Family Infected the System, RaaS Disrupts Security Tools
- for Locky-encrypted files, Locky
- pros and cons of, Extortion, Pros and Cons of Paying the Ransom, Protecting Workstations and Servers
- typical cost of, Extortion, Criminal Organizations, Advanced Hacking Groups Move In, Understanding the Latest Delivery Methods, CryptoWall
- when to pay, When to Pay the Ransom-When to Pay the Ransom
- Payment Card Industry (PCI), Ransomware and Reporting Requirements-PCI DSS and Ransomware
- PayPal accounts, Ransomware Operators and Targets
- PaySafe, Ransomware’s Checkered Past
- PCI (see Payment Card Industry)
- PDF files, Installation, Protecting Workstations and Servers, Asset Management, Vulnerability, Scanning, and Patching, Understanding the Latest Delivery Methods, Exploit Kits
- personal health information (PHI), Ransomware and Reporting Requirements, Knowing the Risks and Targets
- personally identifiable information (PII), Ransomware and Reporting Requirements
- Petya
- PHI (see personal health information)
- phishing emails, Deployment
- phishing exercises, Phishing Users
- PII (see personally identifiable information)
- plug-ins, Exploit Kits
- point-of-sale (POS) devices, Threat Intelligence and Ransomware
- Pony, Locky
- Popp, Joseph, Ransomware’s Checkered Past
- port 80, Disrupting command-and-control at the desktop
- portable executables (PEs), Preventing ransomware from executing
- portable network graphics (PNG) files, Handshake and key exchange
- post-attack, Looking for the Executable Post-Attack, Post Ransomware, Advanced Endpoint Protection Versus Sandboxing
- postal service scams, Understanding the Latest Delivery Methods
- PowerPoint, Protecting Workstations and Servers
- PowerShell, Protecting Against Cerber, PowerWare
- PowerWare
- Privileged Session Manager, Knowing the Risks and Targets
- process monitoring standards, Knowing the Risks and Targets
- Proofpoint, Block the Spam, CryptXXX, Crypt + XXX
- proxy systems, DGAs
- psychometric standards, Knowing the Risks and Targets
- public-facing servers, Protecting Public-Facing Servers
- public/private keys, Asymmetric key encryption
R
- RAA, Advanced Hacking Groups Move In
- RaaS (see Ransomware as a Service)
- Ranscam, Ranscam
- Ransom32
- ransoms (see paying the ransom)
- ransomware
- ability to protect against, Ransomware Families, Summary
- Cerber, Different RaaS Models, Time to Ditch Flash, Shadow copy, Disrupting command-and-control at the desktop, Stopping the attack during the encryption process, Cerber-Summary
- CryptoLocker, TeslaCrypt, Stopping the attack during the encryption process, TeslaCrypt
- CryptoWall, CryptoWall, CryptoWall
- CryptXXX, Criminal Organizations, Time to Ditch Flash, Looking at packers and the registry, Disrupting command-and-control at the desktop, Detecting the Latest Behavioral Indicators, DLL Delivery, CryptXXX-Summary
- CTB-Locker, Time to Ditch Flash, Protecting Public-Facing Servers
- Encryptor, Different RaaS Models, Disrupting command-and-control at the desktop
- Gpcoder, Ransomware Operators and Targets
- Hidden Tear, Hidden Tear
- introduction to
- basic attack anatomy, Anatomy of a Ransomware Attack-Extortion
- definition of ransomware, Introduction to Ransomware
- destruction phase, Destruction Phase-System or Browser Locking
- entrances used by, Installation
- history of, Ransomware’s Checkered Past
- identifying type of, Knowing Which Ransomware Family Infected the System
- rapid growth of ransomware, The Rapid Growth of Ransomware-Misleading Applications, FakeAV, and Modern CrytpoRansomware, Ransomware Operators and Targets
- systems at risk, Introduction to Ransomware
- tracking current activity, Hardening the System and Restricting Access
- types of ransomware, Introduction to Ransomware, File Encryption
- KeRanger/KeyRanger, KeRanger/KeyRanger
- Locky, Locky, Time to Ditch Flash, Looking at packers and the registry, Disrupting command-and-control at the desktop, Stopping the attack during the encryption process, Locky-Summary
- Mischa, Pros and Cons of Paying the Ransom
- mobile ransomware, Mobile Ransomware
- operators and targets, Ransomware Operators and Targets-Summary
- ORX-Locker, Different RaaS Models
- paying the ransom, Pros and Cons of Paying the Ransom-Summary
- Petya, Pros and Cons of Paying the Ransom, Looking at packers and the registry
- PowerWare, PowerWare-Protecting Against PowerWare
- protecting workforces from, Protecting the Workforce-Summary
- protecting workstations and servers, Protecting Workstations and Servers-Summary
- RAA, Advanced Hacking Groups Move In
- Ranscam, Ranscam
- Ransom32, Stopping the attack during the encryption process, Ransom32
- Reveton, Who Developed CryptXXX?, Crypt + XXX
- Samas/SamSam, Advanced Hacking Groups Move In, Knowing the Risks and Targets
- targeting medical devices, Ransomware Targeting Medical Devices-Why isn’t it a bigger problem?
- TeslaCrypt, TeslaCrypt, Preventing ransomware from executing, TeslaCrypt
- threat intelligence and, Threat Intelligence and Ransomware-Summary
- TorrentLocker, Disrupting command-and-control at the desktop
- tracking current activity, Threat Intelligence and Ransomware-Summary, Exploit Kits
- Ransomware as a Service (RaaS), Ransomware Operators and Targets, Locky, Ransomware as a Service (RaaS)-RaaS Disrupts Security Tools, Ransom32
- Ransomware Tracker Website, DNS Firewalls and IDS
- Rapid7, Asset Management, Vulnerability, Scanning, and Patching
- Real User Monitoring, Knowing the Risks and Targets
- Red Hat, Advanced Hacking Groups Move In
- redirect pages, Keeping users informed
- referral fees, Different RaaS Models
- regulatory compliance, Ransomware and Reporting Requirements-HIPPA
- remote network access, Advanced Hacking Groups Move In
- reporting requirements, Ransomware and Reporting Requirements-HIPPA
- Retail-ISAC, Using the Latest Network Indicators
- Reveton, Who Developed CryptXXX?, Crypt + XXX
- RIG exploit kit, Time to Ditch Flash, Who Developed Cerber?
- RockLoader, Locky
- RSA 4,096-bit encryption, Handshake and key exchange
- Ruiz, Frank, CryptXXX
- Rule of Seven, Keeping users informed
S
- safe-boot options, The Encryption Process
- Samas/SamSam, Advanced Hacking Groups Move In, Knowing the Risks and Targets
- sandboxing
- SANS, Security Awareness Training
- SANS Investigative Forensic Toolkit (SIFT), Post Ransomware
- Sarbanes-Oxley Act (SOX), Ransomware and Reporting Requirements
- SCADA (see supervisory control and data acquisition)
- Schneier, Bruce, Increased availability of strong crypto
- .scr files, Stopping the attack during the encryption process
- scripting languages, Don’t Allow JavaScript Files to Execute Locally, PowerWare
- security advisors, CryptoWall
- security awareness training, Security Awareness Training, Mobile Ransomware
- security information and event management (SIEM), Alerting and Reacting Quickly
- security researchers, Ransomware Families
- security system failures
- Sen, Utku, Hidden Tear
- SentinelOne, Criminal Organizations, Preventing ransomware from executing, Shadow copy, Advanced Endpoint Protection Versus Sandboxing
- servers (see workstations and servers)
- SHA256, Using the Latest Network Indicators
- shadow copy, Shadow copy-Shadow copy
- shipping company scams, Understanding the Latest Delivery Methods
- Silverlight, Asset Management, Vulnerability, Scanning, and Patching
- sinkholes, Honeyfiles and Honeydirectories, DGAs
- Snort, Using an IDS, Stopping CryptXXX
- social-engineering attacks, Phishing Users
- software artifacts, Symmetric Key Encryption
- Sophos, Knowing Which Ransomware Family Infected the System, Asset Management, Vulnerability, Scanning, and Patching
- SOX (see Sarbanes-Oxley Act)
- spam, blocking, Block the Spam-Block the Spam
- Spirion, Knowing the Risks and Targets
- Stampado, Knowing What Is Actually Backed Up
- strategic web compromise, Deployment
- Stuxnet, Knowing the Risks and Targets
- supervisory control and data acquisition (SCADA), When to Pay the Ransom, Knowing the Risks and Targets
- susceptible applications, Protecting Workstations and Servers-Protecting Public-Facing Servers, CryptXXX, Protecting Against CryptXXX
- susceptible devices, Installation
- susceptible employees, Knowing the Risks and Targets
- susceptible organizations, Ransomware Operators and Targets, Who Are Ransomware Groups Targeting?-Advanced Hacking Groups Move In, Understanding the Latest Delivery Methods
- susceptible systems, Installation, Knowing the Risks and Targets, KeRanger/KeyRanger
- Symantec, Security Awareness Training, Using the Latest Network Indicators, Reverse-Engineering the DGA, Mobile Ransomware
- Symantec Mail Gateway, Tracking Down the Websites
- Symantec Phishing Readiness, Phishing Users
- SymantecFull, Block the Spam
- symmetric key encryption, File Encryption-Symmetric Key Encryption
- system access
- system administrators, Protecting Against Cerber
- system hardening
- asset management, Asset Management, Vulnerability, Scanning, and Patching
- discontinue use of Adobe Flash, Time to Ditch Flash
- disrupting attack chains, Disrupting the Attack Chain-Looking for the Executable Post-Attack
- executable post-attack, Looking for the Executable Post-Attack
- patching common vulnerabilities, Asset Management, Vulnerability, Scanning, and Patching-Asset Management, Vulnerability, Scanning, and Patching
- preventing malware delivery, Hardening the System and Restricting Access
- tracking ransomware activity, Hardening the System and Restricting Access
- updates, Asset Management, Vulnerability, Scanning, and Patching
- system locking, System or Browser Locking-System or Browser Locking
- system optimization software, Misleading Applications, FakeAV, and Modern CrytpoRansomware
- system restore, Looking at packers and the registry
- systems at risk, Introduction to Ransomware
- systems management tools, Knowing the Risks and Targets
T
- tactics, techniques, and procedures (TTPs), Criminal Organizations, Protecting Workstations and Servers
- Tanium, Disrupting command-and-control at the desktop
- targeted attacks, Installation
- targets for attacks, Who Are Ransomware Groups Targeting?-Advanced Hacking Groups Move In, Knowing the Risks and Targets-Knowing the Risks and Targets
- tax return scams, Understanding the Latest Delivery Methods
- Tenable, Asset Management, Vulnerability, Scanning, and Patching
- TeslaCrypt
- The Onion Router (TOR), Ransomware as a Service (RaaS)
- threat intelligence
- threat intelligence platform (TIP), Using the Latest Network Indicators
- ThreatAvert, Reverse-Engineering the DGA
- ThreatConnect, Using the Latest Network Indicators
- ThreatQ, Using the Latest Network Indicators
- ThreatSTOP, Reverse-Engineering the DGA, DNS firewalls
- threshold alerts, Stopping the attack during the encryption process
- top-level domains (TLDs), Disrupting command-and-control at the desktop
- TOR services, Command-and-Control, Ransomware as a Service (RaaS), Ransom32
- TorrentLocker, Disrupting command-and-control at the desktop
- tracking resources, Hardening the System and Restricting Access
- Transmission (BitTorrent client), KeRanger/KeyRanger
- Trend Micro, Knowing Which Ransomware Family Infected the System
- Tripwire, Asset Management, Vulnerability, Scanning, and Patching, Preventing ransomware from executing
- TTPs (see tactics, techniques, and procedures)
- typographical conventions, Conventions Used in This Book
U
- Ukash, Ransomware’s Checkered Past, Ransomware Operators and Targets
- underground infrastructure, Ransomware Operators and Targets
- updates, Asset Management, Vulnerability, Scanning, and Patching, Post Ransomware, Unpatched medical devices
- URLs, Tracking Down the Websites-DGAs, Using the Latest Network Indicators
- user behavior analytics (UBA), User Behavior Analytics
- user-behavior monitoring, Knowing the Risks and Targets
V
- value, demonstrating, How Do You Show the Value?
- VBScript, Don’t Allow JavaScript Files to Execute Locally
- Veritas Data Insight, Knowing the Risks and Targets
- versioning backups, Knowing What Is Actually Backed Up
- virtual-aware ransomware, Protecting Workstations and Servers, Advanced Endpoint Protection Versus Sandboxing
- Virus Bulletin (Bates), Ransomware’s Checkered Past
- VMware, Advanced Endpoint Protection Versus Sandboxing
- Volatility, Symmetric Key Encryption
- Volume Shadow Copy (VSC), Disrupting the Attack Chain, Shadow copy
- VSS (see Windows Volume Shadow Copy Service)
W
- Waldek, Locky
- web browsers, Asset Management, Vulnerability, Scanning, and Patching, DGAs, DGAs, Exploit Kits
- whitelisting, Preventing ransomware from executing
- Wildfire, Protecting Workstations and Servers
- Windows CryptoAPI, Stopping the attack during the encryption process
- Windows logging, Preventing ransomware from executing
- Windows ransomware locker, System or Browser Locking
- Windows Registry, Installation, Looking at packers and the registry
- Windows Resource Protection, Looking at packers and the registry
- Windows Script Files (WSF), Understanding the Latest Delivery Methods
- Windows Script Host (WSH), Don’t Allow JavaScript Files to Execute Locally
- Windows UAC privileges, Pros and Cons of Paying the Ransom
- Windows Volume Shadow Copy Service (VSS), Knowing Which Ransomware Family Infected the System, Shadow copy-Shadow copy
- Wombat, Phishing Users
- Word documents, Protecting Workstations and Servers
- WordPress, Protecting Public-Facing Servers, DNS Firewalls and IDS
- workforce protection
- anti-phishing training, Phishing Users
- domain generation algorithms, DGAs
- email attachment scanning, Email Attachment Scanning
- justifying cost of, How Do You Show the Value?
- main methods for, Protecting the Workforce
- post-attack policies, Post Ransomware
- preventing compromises, Learning How to Prevent Compromises
- regular communications and, Post Ransomware, Keeping users informed
- risks and targets, Knowing the Risks and Targets-Knowing the Risks and Targets
- security awareness training, Security Awareness Training
- testing and teaching users, Testing and Teaching Users
- URLs/links, Tracking Down the Websites
- workstations and servers
- WSF, Installation