Breaking Ransomware: Explore ways to find and exploit flaws in a ransomware attack 9789355513625

Crack a ransomware by identifying and exploiting weaknesses in its design. Key Features: - Get an overview of the curre


Language: English. Pages: 285. Year: 2023


Table of contents :
Section I: Ransomware Understanding
1. Warning Signs, Am I Infected?
Introduction
Structure
Objectives
Proactive steps
Symptoms
Immediate actions
Disconnect the infected computer
Check the scope of infection
Check which ransomware infected you
Plan for response
Conclusion
2. Ransomware Building Blocks
Introduction
Structure
Objectives
Defining ransomware
Cryptocurrency
Bitcoin (BTC)
Ethereum (ETH)
Cryptomining
TOR (Anonymous browsing)
Ransomware as a Service (RaaS)
How RaaS works
RaaS business models
Affiliate-based
Subscription-based
Licensing for lifetime
Threat actors
Vulnerability, exploit and payload
Ransomware attack vectors
Email
Phishing scam
Unsolicited advertisements
Email spoofing
Spear phishing
Exploit kits
USB and removable media
Malvertising
Stages of ransomware
Conclusion
3. Current Defense in Place
Introduction
Structure
Objectives
Existing solutions in place
Backup solutions
Static or signature-based solutions
Dynamic behavior-based solutions
Entropy-based products
Machine learning products
Honeyfile products
User awareness trainings
Vulnerability management tools
Cryptographic interceptors
Analysis of current solutions
R-Locker
PayBreak
Redemption-anti-ransomware
Microsoft controlled folder access
Conclusion
4. Ransomware Abuses Cryptography
Introduction
Structure
Objectives
Concept of cryptography
Types of cryptography algorithms
Symmetric algorithms
Categories of symmetric encryption algorithm
Asymmetric algorithms
Hybrid encryption method
How ransomware abuses cryptographic algorithms
Conclusion
5. Ransomware Key Management
Introduction
Structure
Objectives
Key management techniques
No key management or scareware
Key on the victim machine
Key on hacker machine or attacker network
Conclusion
Section II: Ransomware Internals
6. Internal Secrets of Ransomware
Introduction
Structure
Objectives
Crypto API
CryptAcquireContext
phProv
szContainer
szProvider
dwProvType
dwFlags
CryptAcquireContext Example
CryptGenKey
hProv
Algid
dwFlags
phKey
CryptGenKey Example
CryptGetUserKey
hProv
dwKeySpec
phUserKey
CryptGetUserKey Example
CryptExportKey
hKey
hExpKey
dwBlobType
dwFlags
pbData
pdwDataLen
CryptExportKey PlainTextBlob Example
CryptExportKey SimpleBlob Example
CryptImportKey
hProv
pbData
dwDataLen
hPubKey
dwFlags
phKey
CryptImportKey Example
Conclusion
7. Portable Executable Insides
Introduction
Structure
Objectives
Creating a custom binary
Structure of Portable Executable
DOS header
DOS Stub
PE header
File header
Optional header
SectionAlignment
FileAlignment
SizeOfImage
SizeOfHeaders
Subsystem
NumberOfRvaAndSizes
Data directory
Section table
Conclusion
8. Portable Executable Sections
Introduction
Structure
Objectives
Sections
.textbss section
.text section
.rsrc section
.rdata
.data
Export section
Import section
When PE file is loaded in memory
Conclusion
Section III: Ransomware Assessment
9. Performing Static Analysis
Introduction
Structure
Objectives
Static analysis
Phase 1 - Infect host
Phase 2 - Generate key
Phase 3 - Encrypt user data
Phase 4 - Demand ransom
Static analysis tools
PE Studio
CFF explorer
Conclusion
10. Perform Dynamic Analysis
Introduction
Structure
Objectives
Dynamic analysis
Disassemblers
IDA
Ghidra
Cutter
Debuggers
x32dbg/x64dbg
Monitors
Process monitor
Process Explorer
Autoruns
Dependency Walker
Wireshark
Burp Suite
Conclusion
Section IV: Ransomware Forensics
11. What’s in the Memory
Introduction
Structure
Objectives
Static analysis
Dynamic analysis - Check in the memory
Conclusion
12. LockCrypt 2.0 Ransomware Analysis
Introduction
Structure
Objectives
Static Analysis
Dynamic analysis
Conclusion
13. Jigsaw Ransomware Analysis
Introduction
Structure
Objectives
Ransomware analysis
Static analysis
Conclusion
Section V: Ransomware Rescue
14. Experts Tips to Manage Attacks
Introduction
Structure
Objectives
Ransomware incident response plan
Identification
Analysis
Determining the strain of ransomware
Determining the scope of the ransomware infection
Assessing the impact of the ransomware attack
Identifying the initial infection vector of the source of the infection
Containment
Eradication
Communication
Recovery
Post-incident
Ransomware mitigation strategies
Endpoint security solutions
Endpoint antivirus solutions
Endpoint Detection and Response (EDR)
Managed Detection and Response (MDR)
Extended Detection and Response (XDR)
Endpoint protection platform (EPP)
Endpoint operating system hardening
Display file extensions
Disable AutoPlay
Disable Remote Desktop protocol (RDP)
Software restriction policies (SRP) and AppLocker
Disable Windows Script Host
Disable Server Message Block (SMB)
Secure domain controllers (DCs)
Restricting the use of PowerShell
Network security solutions
Next Generation Firewall (NGFW)
Network sandboxing
Intrusion detection system (IDS)
Intrusion prevention system (IPS)
Data Loss Prevention
Honeypot
DNS (Domain Name System) Security
Security information and event management (SIEM)
Security Orchestration, Automation, and Response (SOAR)
Zero Trust Network Access (ZTNA)
Stop ransomware attacks
Least privilege account
Patch management
Environment hardening
Enterprise Mobility Management (EMM)
Components inside an EMM Solution
End user level security
Virtualization technology
Disable macros in Office files
Cyber security awareness training
E-mail security
Backup strategy
Auditing backup policies
Encrypting backup data
Immutable storage
Air gap backup
Use the 3-2-1 backup rule
Ascertain backup coverage
Test the backup plan
Conclusion
Index
