Preventing Ransomware

By: Abhijit Mohanta, Mounir Hahad, Kumaraguru Velmurugan

Overview of this book

Ransomware has turned out to be the most aggressive malware and has affected numerous organizations in the recent past. The current need is to have a defensive mechanism in place for workstations and servers under one organization.

This book starts by explaining the basics of malware, specifically ransomware. The book provides some quick tips on malware analysis and how you can identify different kinds of malware. We will also take a look at different types of ransomware, and how it reaches your system, spreads in your organization, and hijacks your computer. We will then move on to how the ransom is paid and the negative effects of doing so. You will learn how to respond quickly to ransomware attacks and how to protect yourself. The book gives a brief overview of the internals of security software and Windows features that can be helpful in ransomware prevention for administrators. You will also look at practical use cases in each stage of the ransomware phenomenon. The book talks in detail about the latest ransomware attacks involving WannaCry, Petya, and BadRabbit.

By the end of this book, you will have end-to-end knowledge of the trending malware in the tech industry at present.

Preface

Ransomware is an exponentially growing threat. Year upon year, new kinds of ransomware are introduced to the web by cybercriminals. 2016 saw an increase in CryptoLocker variants. 2017 saw the volcanic outbreak of WannaCry, NotPetya, and BadRabbit affecting all parts of the globe. The book talks about various kinds of ransomware and technologies used by ransomware. This book covers case studies of the latest ransomware outbreaks.

This book does not jump directly into ransomware but starts by building an understanding around it. Ransomware is a category of malware. This book talks about all the aspects of ransomware: the technology it uses, its categories, and how it spreads. This helps to build up an understanding of ransomware so that readers can understand how to fight the threat.

Who this book is for

This book is for administrators and response teams. Administrators need to understand the types of security software and the configuration needed to protect their organizations. Response teams need to identify the incident and take further steps. This book is also meant for security enthusiasts and other IT professionals who want to know about malware, particularly ransomware.

What this book covers

Chapter 1, Malware from Fun to Profit, covers the types of malware and how malware works. Ransomware is a category of malware and hence inherits a lot of it. Understanding malware is a prerequisite for understanding ransomware in a granular way.

Chapter 2, Malware Analysis Fundamentals, talks about some shortcuts to carry out malware analysis on Windows. It is specific to the Windows PE. This chapter provides an easier approach to carry out malware analysis, which is not elaborated upon here. It focuses on identifying malware families.

Chapter 3, Ransomware Distribution, talks about various ways in which ransomware can infect a machine. It also talks about the various mediums through which ransomware can penetrate an organization and spread inside it.

Chapter 4, Ransomware Techniques of Hijacking the System, talks about various categories of ransomware and various techniques used by ransomware to hijack the system.

Chapter 5, Ransomware Economics, talks about the various means by which the extortionists take payments from their victims. 

Chapter 6, Case Study of Some Famous Ransomware, covers case studies of some well-known ransomware. After going through this chapter, you will know about the latest ransomware attacks as well as some historical ones.

Chapter 7, Other Forms of Digital Extortion, talks about other forms of digital extortion, which do not involve ransomware. The chapter talks about attacks that involve data theft and denial of service (DoS) attacks along with some case studies as examples.

Chapter 8, Ransomware Detection and Prevention, talks about various security software and a basic idea of their internals. This will help security professionals to identify the right software and their configuration to protect their organization against ransomware attacks. This chapter will talk about safeguarding the data, which is always a target of ransomware.

Chapter 9, Incident Response, talks about the steps involved when a ransomware incident has occurred. This chapter talks about some basic steps involved in responding to ransomware attacks.

Chapter 10, Future of Ransomware, talks about where ransomware attacks are heading.

To get the most out of this book

The reader should read each chapter thoroughly and in sequence to understand the internal concepts of ransomware. There are some basic concepts of malware analysis given in the book. The reader should use these techniques to get a better and practical understanding of ransomware.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/PreventingRansomware_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "If it is an .exe or .dll file, then check if it is 32-bit or 64-bit. We need to use the OS accordingly (static analysis)."

A block of code is set as follows:

VOID WINAPI Sleep(
  _In_ DWORD dwMilliseconds
);

Any command-line input or output is written as follows:

$ mkdir css
$ cd css

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "On Windows 7, you can find the DEP setting by going to My Computer | System Protection | Advanced | Performance | Settings | Data Execution Prevention."

Note

Warnings or important notes appear like this.

Note

Tips and tricks appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.

Disclaimer

The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.