Book Image

Incident Response Techniques for Ransomware Attacks

Book Image

Incident Response Techniques for Ransomware Attacks

Overview of this book

Ransomware attacks have become the strongest and most persistent threat for many companies around the globe. Building an effective incident response plan to prevent a ransomware attack is crucial and may help you avoid heavy losses. Incident Response Techniques for Ransomware Attacks is designed to help you do just that. This book starts by discussing the history of ransomware, showing you how the threat landscape has changed over the years, while also covering the process of incident response in detail. You’ll then learn how to collect and produce ransomware-related cyber threat intelligence and look at threat actor tactics, techniques, and procedures. Next, the book focuses on various forensic artifacts in order to reconstruct each stage of a human-operated ransomware attack life cycle. In the concluding chapters, you’ll get to grips with various kill chains and discover a new one: the Unified Ransomware Kill Chain. By the end of this ransomware book, you’ll be equipped with the skills you need to build an incident response strategy for all ransomware attacks.
Table of Contents (17 chapters)
1
Section 1: Getting Started with a Modern Ransomware Attack
5
Section 2: Know Your Adversary: How Ransomware Gangs Operate
9
Section 3: Practical Incident Response

Initial attack vectors

Any attack starts from an initial access. It can be an access to the internal network via a VPN, a trojan delivered via spear phishing, a web shell deployed via exploitation of public-facing application, or even a supply-chain attack.

At the same time, the three most common initial attack vectors are RDP compromise, spear phishing, and exploitation of software vulnerabilities.

For example, here are some statistics on the most common ransomware attack vectors in Q2 2021 collected by Coveware (source: https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority):

Figure 2.1 – The most common ransomware attack vectors according to Coveware

Let's look at each of them in greater detail, with examples, of course.

RDP compromise

For many years, RDP has remained the most common way for threat actors to access the target network. From Chapter 1, The History...