You're reading from Incident Response Techniques for Ransomware Attacks Understand modern ransomware attacks and build an incident response strategy to work through them

Product type Paperback

Published in Apr 2022

Publisher Packt

ISBN-13 9781803240442

Length 228 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Oleg Skulkin

Preface

1. Section 1: Getting Started with a Modern Ransomware Attack

2. Chapter 1: The History of Human-Operated Ransomware Attacks FREE CHAPTER

3. Chapter 2: The Life Cycle of a Human-Operated Ransomware Attack

4. Chapter 3: The Incident Response Process

5. Section 2: Know Your Adversary: How Ransomware Gangs Operate

6. Chapter 4: Cyber Threat Intelligence and Ransomware

7. Chapter 5: Understanding Ransomware Affiliates' Tactics, Techniques, and Procedures

8. Chapter 6: Collecting Ransomware-Related Cyber Threat Intelligence

9. Section 3: Practical Incident Response

10. Chapter 7: Digital Forensic Artifacts and Their Main Sources

11. Chapter 8: Investigating Initial Access Techniques

12. Chapter 9: Investigating Post-Exploitation Techniques

13. Chapter 10: Investigating Data Exfiltration Techniques

14. Chapter 11: Investigating Ransomware Deployment Techniques

15. Chapter 12: The Unified Ransomware Kill Chain

16. Other Books You May Enjoy

Other log sources

Let's finish this chapter by listing a few additional log sources that may play a critical role in your investigation:

Anti-virus software logs – As you already know, ransomware affiliates may use quite a few tools, so at least some of them will be detected by anti-virus software. These logs may provide you with a few good pivot points.
Firewall logs – These logs may provide you with great insights into network connections, including malicious connections. These are an extremely valuable source of forensic data, especially if they store data for a long time period, and you have at least some network indicators of compromise.
VPN logs – These are some of the common vectors of obtaining initial access to the network. So, they can also reveal some information about the threat actors' network infrastructure. GeoIP analysis may be quite useful. Is it common for your client's employees to connect to the network from Russia...

The rest of the chapter is locked