Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Incident Response Techniques for Ransomware Attacks
  • Table Of Contents Toc
Incident Response Techniques for Ransomware Attacks

Incident Response Techniques for Ransomware Attacks

By : Oleg Skulkin
3.7 (6)
Buy this Book
close
close
Incident Response Techniques for Ransomware Attacks

Incident Response Techniques for Ransomware Attacks

3.7 (6)
By: Oleg Skulkin
Buy this Book

Overview of this book

Ransomware attacks have become the strongest and most persistent threat for many companies around the globe. Building an effective incident response plan to prevent a ransomware attack is crucial and may help you avoid heavy losses. Incident Response Techniques for Ransomware Attacks is designed to help you do just that. This book starts by discussing the history of ransomware, showing you how the threat landscape has changed over the years, while also covering the process of incident response in detail. You’ll then learn how to collect and produce ransomware-related cyber threat intelligence and look at threat actor tactics, techniques, and procedures. Next, the book focuses on various forensic artifacts in order to reconstruct each stage of a human-operated ransomware attack life cycle. In the concluding chapters, you’ll get to grips with various kill chains and discover a new one: the Unified Ransomware Kill Chain. By the end of this ransomware book, you’ll be equipped with the skills you need to build an incident response strategy for all ransomware attacks.
Table of Contents (17 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Disclaimer
Icon
Share Your Thoughts
1
Section 1: Getting Started with a Modern Ransomware Attack
Icon
Section 1: Getting Started with a Modern Ransomware Attack
Lock Free Chapter
2
Chapter 1: The History of Human-Operated Ransomware Attacks
Icon
Chapter 1: The History of Human-Operated Ransomware Attacks
Icon
2016 – SamSam ransomware
Icon
2017 – BitPaymer ransomware
Icon
2018 – Ryuk ransomware
Icon
2019-present – ransomware-as-a-service
Icon
Summary
3
Chapter 2: The Life Cycle of a Human-Operated Ransomware Attack
Icon
Chapter 2: The Life Cycle of a Human-Operated Ransomware Attack
Icon
Initial attack vectors
Icon
Post-exploitation
Icon
Data exfiltration
Icon
Ransomware deployment
Icon
Summary
4
Chapter 3: The Incident Response Process
chevron up
Icon
Chapter 3: The Incident Response Process
Icon
Preparation for an incident
Icon
Threat detection and analysis
Icon
Containment, eradication, and recovery
Icon
Post-incident activity
Icon
Summary
5
Section 2: Know Your Adversary: How Ransomware Gangs Operate
Icon
Section 2: Know Your Adversary: How Ransomware Gangs Operate
6
Chapter 4: Cyber Threat Intelligence and Ransomware
Icon
Chapter 4: Cyber Threat Intelligence and Ransomware
Icon
Strategic cyber threat intelligence
Icon
Operational cyber threat intelligence
Icon
Tactical cyber threat intelligence
Icon
Summary
7
Chapter 5: Understanding Ransomware Affiliates' Tactics, Techniques, and Procedures
Icon
Chapter 5: Understanding Ransomware Affiliates' Tactics, Techniques, and Procedures
Icon
Gaining initial access
Icon
Executing malicious code
Icon
Obtaining persistent access
Icon
Escalating privileges
Icon
Bypassing defenses
Icon
Accessing credentials
Icon
Moving laterally
Icon
Collecting and exfiltrating data
Icon
Ransomware deployment
Icon
Summary
8
Chapter 6: Collecting Ransomware-Related Cyber Threat Intelligence
Icon
Chapter 6: Collecting Ransomware-Related Cyber Threat Intelligence
Icon
Threat research reports
Icon
Community
Icon
Threat actors
Icon
Summary
9
Section 3: Practical Incident Response
Icon
Section 3: Practical Incident Response
10
Chapter 7: Digital Forensic Artifacts and Their Main Sources
Icon
Chapter 7: Digital Forensic Artifacts and Their Main Sources
Icon
Volatile memory collection and analysis
Icon
Non-volatile data collection
Icon
Master file table
Icon
Prefetch files
Icon
LNK files
Icon
Jump lists
Icon
SRUM
Icon
Web browsers
Icon
Windows Registry
Icon
Windows event logs
Icon
Other log sources
Icon
Summary
11
Chapter 8: Investigating Initial Access Techniques
Icon
Chapter 8: Investigating Initial Access Techniques
Icon
Collecting data sources for an external remote service abuse investigation
Icon
Investigating an RDP brute-force attack
Icon
Collecting data sources for a phishing attack investigation
Icon
Investigating a phishing attack
Icon
Summary
12
Chapter 9: Investigating Post-Exploitation Techniques
Icon
Chapter 9: Investigating Post-Exploitation Techniques
Icon
Investigating credential access techniques
Icon
Investigating reconnaissance techniques
Icon
Investigating lateral movement techniques
Icon
Summary
13
Chapter 10: Investigating Data Exfiltration Techniques
Icon
Chapter 10: Investigating Data Exfiltration Techniques
Icon
Investigating web browser abuse for data exfiltration
Icon
Investigating cloud service client application abuse for data exfiltration
Icon
Investigating third-party cloud synchronization tool abuse for data exfiltration
Icon
Investigating the use of custom data exfiltration tools
Icon
Summary
14
Chapter 11: Investigating Ransomware Deployment Techniques
Icon
Chapter 11: Investigating Ransomware Deployment Techniques
Icon
Investigation of abusing RDP for ransomware deployment
Icon
Crylock ransomware overview
Icon
Investigation of Administrative shares for ransomware deployment
Icon
REvil ransomware overview
Icon
Investigation of Group Policy for ransomware deployment
Icon
LockBit ransomware overview
Icon
Summary
15
Chapter 12: The Unified Ransomware Kill Chain
Icon
Chapter 12: The Unified Ransomware Kill Chain
Icon
Cyber Kill Chain®
Icon
MITRE ATT&CK®
Icon
The Unified Kill Chain
Icon
The Unified Ransomware Kill Chain
Icon
Summary
Icon
Why subscribe?
16
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts

Chapter 3: The Incident Response Process

Now that you have reached this chapter, you should already have a good understanding of modern human-operated ransomware attacks, so you are ready to look at the incident response process. Of course, processes may be a bit boring to look at, but it's still very important to have solid understanding – it'll speed up your incident response!

What's more, rather than telling you the same story one more time, we will look at a classic incident response process, developed by National Institute of Standards and Technology (NIST), from a ransomware attack perspective and, of course, using real-world examples and experience.

It was introduced in Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone. Still, many incident response teams all around the globe are using it on a daily basis during their engagements. Again, I'm not going to retype this paper, rather share my...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Incident Response Techniques for Ransomware Attacks
End of Section 4
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon