You're reading from Incident Response Techniques for Ransomware Attacks Understand modern ransomware attacks and build an incident response strategy to work through them

Product type Paperback

Published in Apr 2022

Publisher Packt

ISBN-13 9781803240442

Length 228 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Oleg Skulkin

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Getting Started with a Modern Ransomware Attack

2. Chapter 1: The History of Human-Operated Ransomware Attacks FREE CHAPTER

3. Chapter 2: The Life Cycle of a Human-Operated Ransomware Attack

4. Chapter 3: The Incident Response Process

5. Section 2: Know Your Adversary: How Ransomware Gangs Operate

6. Chapter 4: Cyber Threat Intelligence and Ransomware

7. Chapter 5: Understanding Ransomware Affiliates' Tactics, Techniques, and Procedures

8. Chapter 6: Collecting Ransomware-Related Cyber Threat Intelligence

9. Section 3: Practical Incident Response

10. Chapter 7: Digital Forensic Artifacts and Their Main Sources

11. Chapter 8: Investigating Initial Access Techniques

12. Chapter 9: Investigating Post-Exploitation Techniques

13. Chapter 10: Investigating Data Exfiltration Techniques

14. Chapter 11: Investigating Ransomware Deployment Techniques

15. Chapter 12: The Unified Ransomware Kill Chain

16. Other Books You May Enjoy

Collecting and exfiltrating data

We've already discussed that modern human-operated ransomware attacks, in most cases, are not only about data encryption but about data exfiltration. There are multiple sources that ransomware affiliates may collect data from before exfiltration. Let's look at the most common ones.

Data from local system (T1005)

The threat actors may find valuable data on some of the compromised systems. Agreements, contracts, or files containing personal data – all these may be used by ransomware affiliates for extortion.

Data from network shared drives (T1039)

Network shared drives are very common sources of potentially sensitive information, so data in such locations is often collected and exfiltrated by various ransomware affiliates.

Email collection (T1114)

Some threat actors use a more targeted approach. For example, Cl0p ransomware affiliates usually tried to locate hosts that belonged to the target company's top management...

The rest of the chapter is locked

You're reading from Incident Response Techniques for Ransomware Attacks Understand modern ransomware attacks and build an incident response strategy to work through them

Table of Contents (17) Chapters

Collecting and exfiltrating data

Data from local system (T1005)

Data from network shared drives (T1039)

Email collection (T1114)

Authors (1)

Personalised recommendations for you

You're reading from Incident Response Techniques for Ransomware Attacks Understand modern ransomware attacks and build an incident response strategy to work through them

Table of Contents (17) Chapters

Collecting and exfiltrating data

Data from local system (T1005)

Data from network shared drives (T1039)

Email collection (T1114)

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you