Ransomware Protection Playbook. Roger A. Grimes
https://www.thepitchkc.com/dr-popp-the-first-computer-virus-and-the-purpose-of-human-life-studies-in-crap-gapes-at-popular-evolution/
https://blog.emsisoft.com/en/34742/history-of-ransomware-a-supervillain-30-years-in-the-making/
https://www.knowbe4.com/aids-trojan
The PC Cyborg ransomware trojan was a startling wake-up call. The lesson learned was that there are people in this world who have no ethical qualms about encrypting your hard drive and demanding a ransom to unlock it, and who are willing to risk going to jail to do it.
Surprisingly, Dr. Popp's trojan did not inspire the wave of imitators that antivirus fighters had feared. Perhaps it was because Dr. Popp had not been successful. He didn't get rich. He ended up in jail. Lesson learned. Other criminals learned that it was hard to do digital extortion and get away with it, at least at the time. But in another decade or so, other advances in technology would give them the means to get away with the crime almost every time.
Dr. Popp's encryption wasn't very good either. Around the same time, other types of malware, especially computer viruses, were starting to experiment with better encryption, but there it was used only to hide the malware program itself from quick antivirus detection, not to encrypt data files and demand a ransom.
Slowly a few slightly “better” ransomware programs started to appear. Most of them made up their own encryption routines, which almost always resulted in very bad, easily breakable encryption. These early “cryptoviruses” or “cryptotrojans,” as they were known then, could frequently be unlocked without the attacker's decryption key. Hobbyist cryptographers often figured out how to decrypt the locked files without anyone having to pay the ransom. Good encryption is hard to make. By 2006, a second class of crypto-malware started to show up, this time using known and proven cryptographic routines that were not so easy to break. By 2013, ransomware programs using encryption that ranged from very hard to impossible to break were fairly common.
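The point about made-up encryption routines is easy to see in code. What follows is an added example, not code from this book or from any ransomware family: a constructed repeating-key XOR "encryption" routine, the kind a non-cryptographer writes, and the known-plaintext attack that recovers its key from nothing more than a standard file header. The sample file, the key, and every function name are made up for the illustration.

```python
from itertools import cycle
from typing import Optional, Tuple

# Constructed sample: a tiny "PDF" and a secret key. The attacker is never given
# the key; it is here only so the example can encrypt something to break.
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
SECRET_KEY = b"\x5a\x13\xc7\x99"

# File headers ("magic bytes") are identical in every file of their type, so an
# attacker has known plaintext for free: the first bytes of any PDF, PNG or ZIP.
KNOWN_HEADERS = (b"%PDF-1.", b"\x89PNG\r\n\x1a\n", b"PK\x03\x04")


def homebrew_encrypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, a typical home-rolled cipher. Decryption is the same op."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, header: bytes, max_key_len: int = 32) -> Optional[bytes]:
    """Recover the XOR key from a ciphertext whose plaintext starts with `header`.

    For each candidate key length L (shortest first), XOR the first L ciphertext
    bytes with the first L header bytes to get a candidate key, then check that the
    candidate also decrypts the remaining header bytes. Only L < len(header) is
    tried so that at least one byte is available for verification. A key that is
    itself repetitive (b"abab") is returned in its shortest form (b"ab"), which
    decrypts identically.
    """
    for key_len in range(1, min(max_key_len, len(header) - 1) + 1):
        candidate = bytes(c ^ p for c, p in zip(ciphertext[:key_len], header[:key_len]))
        if homebrew_encrypt(ciphertext[:len(header)], candidate) == header:
            return candidate
    return None


def break_homebrew(ciphertext: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Try every known header; return (key, plaintext) on the first consistent hit."""
    for header in KNOWN_HEADERS:
        key = recover_key(ciphertext, header)
        if key is not None:
            return key, homebrew_encrypt(ciphertext, key)
    return None


if __name__ == "__main__":
    locked = homebrew_encrypt(SAMPLE_PDF, SECRET_KEY)
    result = break_homebrew(locked)
    if result is None:
        print("no known header matched")
    else:
        key, plain = result
        print(f"recovered key {key.hex()} without paying; file starts {plain[:9]!r}")
```

The attack needs no cryptanalysis at all, only the observation that the "key" is reused and that part of the plaintext is predictable. A victim who also kept an unencrypted copy of any one locked file (an email attachment, say) could recover even a very long repeating key the same way. Against a standard cipher under a randomly generated per-file key, such as AES-GCM or ChaCha20-Poly1305, knowing the plaintext of one file reveals nothing about the key or about any other file, which is exactly why the shift to proven routines the text describes ended the era of free decryption.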
As the encryption issue was being fixed, the far bigger problem for criminals was how a ransomware creator could get paid without getting caught and sent to jail. Two things happened. First, Bitcoin was invented in 2009. It took a few years, but by 2014 ransomware programs had made the link to Bitcoin, and the whole ransomware industry exploded. Now criminals could get paid with little risk of getting caught.
Second, some major countries, like Russia, became cyber safe havens for ransomware criminals. Today, many ransomware gangs are located in or around Russia and operate with near impunity. Many pay bribes to local and national law enforcement as a part of doing business, and their revenue streams are seen as a net positive in their host countries. As long as they don't encrypt computers in their host or friendly allied countries, they are free to do business, with few exceptions.
With these two new developments in place, sophisticated ransomware programs started to take out entire businesses, hospitals, police stations, and even entire cities. Today, ransomware is so prolific that entire companies being taken down and ransoms paid in the multi-million-dollar range don't even raise an eyebrow. Ransomware attacks are taking down oil pipelines and food production plants, crippling corporate mega-conglomerates, closing schools, and delaying healthcare, and the gangs behind them are exploiting pretty much everything they can with near impunity. As I write this, ransomware gangs are likely in their “golden years,” causing more disruption and making more money than ever before. At this moment, we aren't doing a very good job at stopping it.
But we can. That's what this book is about. It's about preventing ransomware from happening in the first place, as your number-one objective, and minimizing damage if your organization gets hit. Turns out there are many things any organization can do to avoid being hit by ransomware or to at least significantly minimize the odds. Fighting ransomware is more than having a good, solid backup and up-to-date antivirus program.
This book will tell you the best things you can do to prevent a ransomware attack from happening in the first place, better than any other source you can find. It will tell you the details of what you need to do before you are possibly hit by ransomware and what to do, step by step, if you are hit. You don't have to be a victim. You can fight back.
Anyone can be a victim of ransomware. Ransomware is difficult to defeat currently. The aim of this book is not to say that you can 100 percent defeat ransomware. You can't. No one can make that claim. Cybersecurity defense is about risk minimization, not elimination. My goal is to help you minimize the risk as much as possible. If you follow the ideas and steps in this book, you will minimize your risk of a successful ransomware exploit as best you can given the current state of what we can do until we get new defenses that work better for us all (covered in Chapter 2, “Preventing Ransomware”).
Fight the good fight!
Who This Book Is For
This book is primarily aimed at anyone who is in charge of managing their organization's computer security, from the front-line defender to the top computer security executive. It is for anyone who is considering reviewing, buying, or implementing computer security defenses for the first or the tenth time.
What it will take to prevent and mitigate ransomware is what it will take to prevent and mitigate all malicious hackers and malware. The lessons taught in this book, if followed, will significantly reduce the risk from all malicious hacker and malware attacks. Even if one day ransomware goes away, the lessons learned here will readily apply to the next “big” attack. Ransomware is not your real problem; it's an outcome of your real problem.
What Is Covered in This Book?
Ransomware Protection Playbook contains 12 chapters separated into two distinct parts.
Part I: Introduction
Part I summarizes what ransomware does, how sophisticated it is, and how to prevent it from exploiting your organization and devices. Many people don't understand how mature ransomware is and even more don't concentrate enough on stopping it before it attacks.
Chapter 1, “Introduction to Ransomware” Chapter 1 covers ransomware starting with a little bit of history of the significant milestones and then discusses the very sophisticated and mature versions used today. The ransomware industry is run much more like a multilevel marketing firm/ecosystem than anything else. Chapter 1 will cover the common pieces and parts. As an encompassing introduction, it is also the longest chapter in the book.
Chapter 2, “Preventing Ransomware” Preventing ransomware