Ransomware Protection Playbook
eBook - ePub

Roger A. Grimes

About This Book

Avoid becoming the next ransomware victim by taking practical steps today

Colonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day.

In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You'll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks.

In addition to walking you through the necessary technical preventative measures, this critical book will show you how to:

  • Quickly detect an attack, limit the damage, and decide whether to pay the ransom
  • Implement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damage
  • Lay down a secure foundation of cybersecurity insurance and legal protection to mitigate the disruption to your life and business

A must-read for cyber and information security professionals, privacy leaders, risk managers, and CTOs, Ransomware Protection Playbook is an irreplaceable and timely resource for anyone concerned about the security of their, or their organization's, data.

Information

Publisher: Wiley
Year: 2021
ISBN: 9781119849131
Edition: 1

Part I
Introduction

  • Chapter 1: Introduction to Ransomware
  • Chapter 2: Preventing Ransomware
  • Chapter 3: Cybersecurity Insurance
  • Chapter 4: Legal Considerations

Chapter 1
Introduction to Ransomware

This chapter is a general introduction to ransomware, starting with the basics and leading to a more mature discussion of all the features and components that make it such a mature and formidable foe today. You will learn that much of the ransomware industry is run more like a professional, corporate industry than like the traditional perception of a few bad guys or gangs hiding out in their basements drinking jacked-up caffeinated sodas surrounded by empty bags of chips. Instead, you're more likely to find CEOs, payroll departments, professional developers, and business partners. You will come away with a very good understanding of today's ransomware, what it does and how it does it, and the significant challenges in defeating it.
Note to the reader: This chapter is the longest of the book.

How Bad Is the Problem?

Many press and security experts seem to compete with each other to use the latest over-the-top superlatives surrounding ransomware. But for once in the computer security world, the statistics and scary reputation are well earned. We have had other very bad, long runs of damage-causing malware such as that from DOS boot viruses, disk-formatting computer viruses like Michelangelo (1992), worms that crashed email and pager systems like the Iloveyou worm (2000), rapidly spreading and database-crashing worms like SQL Slammer (2003), the USB-key spreading Conficker (2008), spam bots, and resource-sucking crypto-miners. We've been living with damage-causing malware for a long time. But no previous threat has produced the damage and operational interruption caused by ransomware. It's simply unparalleled in human history, and that is not hyperbole. It might be the “tipping point” event that forces the Internet to finally be made significantly safer.
As bad as ransomware has been and still is, it is still getting worse. The number of attempts against possible victims is growing. The number of successful attacks is growing. The ransoms demanded per exploitation are greater. The percentage of victims paying the ransom is increasing. The overall damage, in financial and other terms, is growing exponentially. Since the beginning of ransomware, and especially since bitcoin came around and allowed it to take off, it has been one historic year after historic year for ransomware purveyors and their programs. We are likely living in the “golden age” of malware, at least from the bad guy's perspective. Here are some of the latest stats at the time of this writing:
  • The FBI says it is investigating about 100 different types of ransomware programs (https://www.reuters.com/technology/fbi-says-it-is-investigating-about-100-types-ransomware-wsj-2021-06-04/).
  • Ransomware was successful in exploiting 68 percent of surveyed organizations in one year alone (https://cyber-edge.com/wp-content/uploads/2021/04/CyberEdge-2021-CDR-Report-v1.1-1.pdf). That figure alone is shocking.
  • The same survey listed in the previous bullet point says the average ransom paid in 2020 was $166,475, and 57 percent of victims paid the ransom.
  • Coveware says the average ransom paid in Q1 2021 was $220,298 (https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound). Why is Coveware's figure higher than the previous report? It's likely because Coveware's figure is newer. When I see a low-ball ransomware figure, I usually check the date of the statistic, and it's almost always old. And when I mean old, I mean only by a year or two. Either way, ransomware is growing tremendously over time.
  • The highest publicly known paid ransom the author is aware of is $40 million, but there are many in the $5 million to $10 million range. There are likely many privately paid ransoms over $40 million that we are not aware of.
  • This 2019 report (https://blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/) says the average ransomware incident cost $8.1 million and took 287 days to recover from.
  • This vendor states $18 billion was paid globally in ransom and total costs are in the hundreds of billions of dollars …a year (https://blog.emsisoft.com/en/38426/the-cost-of-ransomware-in-2021-a-country-by-country-analysis/).
In summary, the problem of ransomware is pretty bad and growing over time.

Variability of Ransomware Data

Things are moving so fast in the ransomware world that trying to get up-to-date figures and statistics tends to be like trying to nail the proverbial Jell-O™ to a wall. Different vendors and surveys in different time periods often say vastly different things. For example, many cybersecurity vendors talk about multi-month average dwell times where the ransomware gang specifically figured out the exact maximum ransom they could ask for, while others will tell you that “most” ransomware attacks happen right after the break-in or within hours of the initial successful exploitation, and all the victims are asked for the same fixed fee. Who is right? Likely everyone. There are at least 100 different ransomware programs coded by all sorts of criminals of varying skill levels and experiences successfully attacking tens to hundreds of thousands of organizations and people a year. Different ransomware groups also target different industries, sectors, and regions. The figures and stats are bound to vary widely.
Even the exact same question can get a different number from the same vendor. For example, the Coveware Q1 2021 report figure listed above states that the average ransom paid was $220,298, but the same report also says the median ransom payment was $78,398. The two figures don't even seem close. This seeming statistical anomaly means that a few victims on the upper end are paying far more than the rest of the victims, which brings up the overall average for everyone. It turns out having to pay a few $5 million and $10 million ransoms will skew results.
So, if you're trying to figure out how much a ransom payment might cost your company, which figure do you use in your estimation calculation? It varies based on your perspective. The most conservative answer is that if you want to be safe and set aside enough for the worst-case scenario, you should use the highest reasonable estimate. But who knows, if your organization gets hit by ransomware, the criminals might ask for an unreasonable figure. Certainly, none of the organizations hit by multi-million dollar ransoms would agree with the reasonableness of the request.
How much you might have to pay really comes down to what type of ransomware program you got hit with, how bad things got before damage control started to happen, and how recovery goes. And no one knows those answers until they are in the thick of things. It's like going into a surgery with a bad pain in your lower left quadrant and asking the doctor what the cost of the operation will be before they've put you to sleep. No one knows.
With that said, no matter what figures you grab and whether they are using averages, medians, or last year's figures, the damage caused by ransomware is bad and getting worse. The total involved costs can easily be many millions for multimillion-dollar organizations and tens to hundreds of millions for multibillion-dollar organizations. Even smaller ransom amounts can be devastating to smaller organizations.

True Costs of Ransomware

Many defenders, when trying to argue for the need to defend against ransomware, must come up with the potential damages that might occur from a ransomware event. The damages incurred by one organization vary drastically from another, according to the size of the organization, revenue stream, preparation, value of the involved data, how bad the incident is, and ability to respond to a particular ransomware attack. There are a lot of variables at play. Get hit with a very simple ransomware program that was really meant to hit a consumer at home, and the cost could be less than $1,000 to clean up a single exploited computer. Get hit by another ransomware variant, and it could mean the whole network is down for weeks to months.
Still, many defenders are asked to come up with estimated costs to help with cybersecurity risk management decisions around ransomware, such as whether to buy cybersecurity insurance, upgrade that old backup system, or what to invest in next to try to prevent a ransomware attack from being successful in their organization. Unfortunately, as covered earlier, the risk from ransomware and costs ...
