Roger A. Grimes

Ransomware Protection Playbook



Decryption Keys to Your Only Copy
Not Care About Root Cause
Keep Your Ransomware Response Plan Online Only
Allow a Team Member to Go Rogue
Accept a Social Engineering Exclusion in Your Cyber-Insurance Policy
Summary

Chapter 12: Future of Ransomware
      Future of Ransomware
      Future of Ransomware Defense
      Summary

Parting Words

      6  Index

      7  Copyright

      8  Dedication

      9  About the Author

      10  About the Technical Editor

      11  Acknowledgments

      12  End User License Agreement

      List of Tables

      1 Chapter 2
            Table 2.1 Ransomware Root Causes by Report

      List of Illustrations

      1 Introduction
            Figure I.1 Picture of disk that AIDS PC Cyborg trojan arrived on
            Figure I.2 Picture of AIDS PC Cyborg Trojan disk program instructions
            Figure I.3 Picture of AIDS PC Cyborg Trojan ransomware screen instructions...

      2 Chapter 1
            Figure 1.1 Example scareware screenshot
            Figure 1.2 Screenshot of NotPetya activated and claiming to be ransomware...
            Figure 1.3 Screenshot of immediate action Cryptic ransomware
            Figure 1.4 A real-world ransom data extortion demand
            Figure 1.5 A real-world ransom extortion demand on the regular web
            Figure 1.6 Cerberus trojan network logical diagram

      3 Chapter 2
            Figure 2.1 3×3 Security Control Pillars
            Figure 2.2 Example Microsoft AppLocker configuration

      4 Chapter 3
            Figure 3.1 Percentage increases in cybersecurity insurance premiums over tim...
            Figure 3.2 Example services offered by AIG cybersecurity insurance product f...

      5 Chapter 4
            Figure 4.1 Graphical representation of a common blockchain format
            Figure 4.2 The bitcoin address used by NotPetya
            Figure 4.3 Elliptic's graphical representation of the ransom paid via bitcoi...
            Figure 4.4 Start of OFAC memo stating that paying ransomware could be illega...

      6 Chapter 6
            Figure 6.1 Logical flow of process anomaly detection
            Figure 6.2 Logical flow of network anomaly detection
            Figure 6.3 Opening AppLocker using Local Group Policy
            Figure 6.4 AppLocker rule types
            Figure 6.5 Enabling Audit Only mode in AppLocker
            Figure 6.6 Baseline rules about to be created in AppLocker
            Figure 6.7 Partial example of resulting AppLocker baseline rules
            Figure 6.8 Example 8003 AppLocker event log warning

      7 Chapter 7
            Figure 7.1 Basic ransomware initial tasks
            Figure 7.2 Rebuild vs. repair recovery risk decision

      8 Chapter 10
            Figure 10.1 Number of newly publicly announced vulnerabilities by year

      9 Chapter 12
            Figure 12.1 YouTube video showing television ransomware event

