

Description
Avoid becoming the next ransomware victim by taking practical steps today
Colonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day.
In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You'll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks.
In addition to walking you through the necessary technical preventative measures, this critical book will show you how to:
* Quickly detect an attack, limit the damage, and decide whether to pay the ransom
* Implement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damage
* Lay down a secure foundation of cybersecurity insurance and legal protection to mitigate the disruption to your life and business
A must-read for cyber and information security professionals, privacy leaders, risk managers, and CTOs, Ransomware Protection Playbook is an irreplaceable and timely resource for anyone concerned about the security of their, or their organization's, data.
About the author
ROGER A. GRIMES is a 34-year computer security expert and author on the subject of hacking, malware, and ransomware attacks. He was the weekly security columnist at InfoWorld and CSO Magazines between 2005 and 2019. He is frequently interviewed and quoted, including by Newsweek, CNN, NPR, and the WSJ.
Back cover text
Avoid becoming the next ransomware victim by taking practical steps today
Colonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day.
In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You'll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks.
In addition to walking you through the necessary technical preventative measures, this critical book will show you how to:
* Quickly detect an attack, limit the damage, and decide whether to pay the ransom
* Implement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damage
* Lay down a secure foundation of cybersecurity insurance and legal protection to mitigate the disruption to your life and business
A must-read for cyber and information security professionals, privacy leaders, risk managers, and CTOs, Ransomware Protection Playbook is an irreplaceable and timely resource for anyone concerned about the security of their, or their organization's, data.
Contents
Acknowledgments xi
Introduction xxi
Part I: Introduction 1
Chapter 1: Introduction to Ransomware 3
How Bad is the Problem? 4
Variability of Ransomware Data 5
True Costs of Ransomware 7
Types of Ransomware 9
Fake Ransomware 10
Immediate Action vs. Delayed 14
Automatic or Human-Directed 17
Single Device Impacts or More 18
Ransomware Root Exploit 19
File Encrypting vs. Boot Infecting 21
Good vs. Bad Encryption 22
Encryption vs. More Payloads 23
Ransomware as a Service 30
Typical Ransomware Process and Components 32
Infiltrate 32
After Initial Execution 34
Dial-Home 34
Auto-Update 37
Check for Location 38
Initial Automatic Payloads 39
Waiting 40
Hacker Checks C&C 40
More Tools Used 40
Reconnaissance 41
Readying Encryption 42
Data Exfiltration 43
Encryption 44
Extortion Demand 45
Negotiations 46
Provide Decryption Keys 47
Ransomware Goes Conglomerate 48
Ransomware Industry Components 52
Summary 55
Chapter 2: Preventing Ransomware 57
Nineteen Minutes to Takeover 57
Good General Computer Defense Strategy 59
Understanding How Ransomware Attacks 61
The Nine Exploit Methods All Hackers and Malware Use 62
Top Root-Cause Exploit Methods of All Hackers and Malware 63
Top Root-Cause Exploit Methods of Ransomware 64
Preventing Ransomware 67
Primary Defenses 67
Everything Else 70
Use Application Control 70
Antivirus Prevention 73
Secure Configurations 74
Privileged Account Management 74
Security Boundary Segmentation 75
Data Protection 76
Block USB Keys 76
Implement a Foreign Russian Language 77
Beyond Self-Defense 78
Geopolitical Solutions 79
International Cooperation and Law Enforcement 79
Coordinated Technical Defense 80
Disrupt Money Supply 81
Fix the Internet 81
Summary 84
Chapter 3: Cybersecurity Insurance 85
Cybersecurity Insurance Shakeout 85
Did Cybersecurity Insurance Make Ransomware Worse? 90
Cybersecurity Insurance Policies 92
What's Covered by Most Cybersecurity Policies 93
Recovery Costs 93
Ransom 94
Root-Cause Analysis 95
Business Interruption Costs 95
Customer/Stakeholder Notifications and Protection 96
Fines and Legal Investigations 96
Example Cyber Insurance Policy Structure 97
Costs Covered and Not Covered by Insurance 98
The Insurance Process 101
Getting Insurance 101
Cybersecurity Risk Determination 102
Underwriting and Approval 103
Incident Claim Process 104
Initial Technical Help 105
What to Watch Out For 106
Social Engineering Outs 107
Make Sure Your Policy Covers Ransomware 107
Employee's Mistake Involved 107
Work-from-Home Scenarios 108
War Exclusion Clauses 108
Future of Cybersecurity Insurance 109
Summary 111
Chapter 4: Legal Considerations 113
Bitcoin and Cryptocurrencies 114
Can You Be in Legal Jeopardy for Paying a Ransom? 123
Consult with a Lawyer 127
Try to Follow the Money 127
Get Law Enforcement Involved 128
Get an OFAC License to Pay the Ransom 129
Do Your Due Diligence 129
Is It an Official Data Breach? 129
Preserve Evidence 130
Legal Defense Summary 130
Summary 131
Part II: Detection and Recovery 133
Chapter 5: Ransomware Response Plan 135
Why Do Response Planning? 135
When Should a Response Plan Be Made? 136
What Should a Response Plan Include? 136
Small Response vs. Large Response Threshold 137
Key People 137
Communications Plan 138
Public Relations Plan 141
Reliable Backup 142
Ransom Payment Planning 144
Cybersecurity Insurance Plan 146
What It Takes to Declare an Official Data Breach 147
Internal vs. External Consultants 148
Cryptocurrency Wallet 149
Response 151
Checklist 151
Definitions 153
Practice Makes Perfect 153
Summary 154
Chapter 6: Detecting Ransomware 155
Why is Ransomware So Hard to Detect? 155
Detection Methods 158
Security Awareness Training 158
AV/EDR Adjunct Detections 159
Detect New Processes 160
Anomalous Network Connections 164
New, Unexplained Things 166
Unexplained Stoppages 167
Aggressive Monitoring 169
Example Detection Solution 169
Summary 175
Chapter 7: Minimizing Damage 177
Basic Outline for Initial Ransomware Response 177
Stop the Spread 179
Power Down or Isolate Exploited Devices 180
Disconnecting the Network 181
Disconnect at the Network Access Points 182
Suppose You Can't Disconnect the Network 183
Initial Damage Assessment 184
What is Impacted? 185
Ensure Your Backups Are Still Good 186
Check for Signs of Data and Credential Exfiltration 186
Check for Rogue Email Rules 187
What Do You Know About the Ransomware? 187
First Team Meeting 188
Determine Next Steps 189
Pay the Ransom or Not? 190
Recover or Rebuild? 190
Summary 193
Chapter 8: Early Responses 195 …
