Preface

• Who this book is for
• What this book covers
• Download the color images
• Conventions used
• Get in touch
• Disclaimer
• Share Your Thoughts

1. Section 1: Getting Started with a Modern Ransomware Attack

2. Chapter 1: The History of Human-Operated Ransomware Attacks FREE CHAPTER

• 2016 – SamSam ransomware
• 2017 – BitPaymer ransomware
• 2018 – Ryuk ransomware
• 2019-present – ransomware-as-a-service
• Summary

3. Chapter 2: The Life Cycle of a Human-Operated Ransomware Attack

• Initial attack vectors
• Post-exploitation
• Data exfiltration
• Ransomware deployment
• Summary

4. Chapter 3: The Incident Response Process

• Preparation for an incident
• Threat detection and analysis
• Containment, eradication, and recovery
• Post-incident activity
• Summary

5. Section 2: Know Your Adversary: How Ransomware Gangs Operate

6. Chapter 4: Cyber Threat Intelligence and Ransomware

• Strategic cyber threat intelligence
• Operational cyber threat intelligence
• Tactical cyber threat intelligence
• Summary

7. Chapter 5: Understanding Ransomware Affiliates' Tactics, Techniques, and Procedures

• Gaining initial access
• Executing malicious code
• Obtaining persistent access
• Escalating privileges
• Bypassing defenses
• Accessing credentials
• Moving laterally
• Collecting and exfiltrating data
• Ransomware deployment
• Summary

8. Chapter 6: Collecting Ransomware-Related Cyber Threat Intelligence

• Threat research reports
• Community
• Threat actors
• Summary

9. Section 3: Practical Incident Response

10. Chapter 7: Digital Forensic Artifacts and Their Main Sources

• Volatile memory collection and analysis
• Non-volatile data collection
• Master file table
• Prefetch files
• LNK files
• Jump lists
• SRUM
• Web browsers
• Windows Registry
• Windows event logs
• Other log sources
• Summary

11. Chapter 8: Investigating Initial Access Techniques

• Collecting data sources for an external remote service abuse investigation
• Investigating an RDP brute-force attack
• Collecting data sources for a phishing attack investigation
• Investigating a phishing attack
• Summary

12. Chapter 9: Investigating Post-Exploitation Techniques

• Investigating credential access techniques
• Investigating reconnaissance techniques
• Investigating lateral movement techniques
• Summary

13. Chapter 10: Investigating Data Exfiltration Techniques

• Investigating web browser abuse for data exfiltration
• Investigating cloud service client application abuse for data exfiltration
• Investigating third-party cloud synchronization tool abuse for data exfiltration
• Investigating the use of custom data exfiltration tools
• Summary

14. Chapter 11: Investigating Ransomware Deployment Techniques

• Investigation of abusing RDP for ransomware deployment
• Crylock ransomware overview
• Investigation of Administrative shares for ransomware deployment
• REvil ransomware overview
• Investigation of Group Policy for ransomware deployment
• LockBit ransomware overview
• Summary

15. Chapter 12: The Unified Ransomware Kill Chain

• Cyber Kill Chain®
• MITRE ATT&CK®
• The Unified Kill Chain
• The Unified Ransomware Kill Chain
• Summary
• Why subscribe?

16. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts