Ransomware Protection Playbook. Roger A. Grimes
Decryption Keys to Your Only Copy Not Care About Root Cause Keep Your Ransomware Response Plan Online Only Allow a Team Member to Go Rogue Accept a Social Engineering Exclusion in Your Cyber-Insurance Policy Summary Chapter 12: Future of Ransomware Future of Ransomware Future of Ransomware Defense Summary Parting Words
6 Index
List of Tables
1 Chapter 2Table 2.1 Ransomware Root Causes by Report
List of Illustrations
1 IntroductionFigure I.1 Picture of disk that AIDS PC Cyborg trojan arrived onFigure I.2 Picture of AIDS PC Cyborg Trojan disk program instructionsFigure I.3 Picture of AIDS PC Cyborg Trojan ransomware screen instructions...
2 Chapter 1Figure 1.1 Example scareware screenshotFigure 1.2 Screenshot of NotPetya activated and claiming to be ransomware...Figure 1.3 Screenshot of immediate action Cryptic ransomwareFigure 1.4 A real-world ransom data extortion demandFigure 1.5 A real-world ransom extortion demand on the regular webFigure 1.6 Cerberus trojan network logical diagram
3 Chapter 2Figure 2.1 3×3 Security Control PillarsFigure 2.2 Example Microsoft AppLocker configuration
4 Chapter 3Figure 3.1 Percentage increases in cybersecurity insurance premiums over tim...Figure 3.2 Example services offered by AIG cybersecurity insurance product f...
5 Chapter 4Figure 4.1 Graphical representation of a common blockchain formatFigure 4.2 The bitcoin address used by NotPetyaFigure 4.3 Elliptic's graphical representation of the ransom paid via bitcoi...Figure 4.4 Start of OFAC memo stating that paying ransomware could be illega...
6 Chapter 6Figure 6.1 Logical flow of process anomaly detectionFigure 6.2 Logical flow of network anomaly detectionFigure 6.3 Opening AppLocker using Local Group PolicyFigure 6.4 AppLocker rule typesFigure 6.5 Enabling Audit Only mode in AppLockerFigure 6.6 Baseline rules about to be created in AppLockerFigure 6.7 Partial example of resulting AppLocker baseline rulesFigure 6.8 Example 8003 AppLocker event log warning
7 Chapter 7Figure 7.1 Basic ransomware initial tasksFigure 7.2 Rebuild vs. repair recovery risk decision
8 Chapter 10Figure 10.1 Number of newly publicly announced vulnerabilities by year
9 Chapter 12Figure 12.1 YouTube video showing television ransomware event
Guide
9 Table of Contents
11 Index
12 WILEY END USER LICENSE AGREEMENT
Pages
1 iii
2 xxi
3 xxii
4 xxiii
5 xxiv
6 xxv
7 xxvi
8 xxvii
9 xxviii
10 xxix
11 xxx
12 xxxi
13 xxxii