Ransomware Protection Playbook
eBook - ePub

Roger A. Grimes

  1. English
  2. ePUB (mobile-friendly)
  3. Available on iOS and Android

About this book

Avoid becoming the next ransomware victim by taking practical steps today

Colonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day.

In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You'll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks.

In addition to walking you through the necessary technical preventative measures, this critical book will show you how to:

  • Quickly detect an attack, limit the damage, and decide whether to pay the ransom
  • Implement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damage
  • Lay down a secure foundation of cybersecurity insurance and legal protection to mitigate the disruption to your life and business

A must-read for cyber and information security professionals, privacy leaders, risk managers, and CTOs, Ransomware Protection Playbook is an irreplaceable and timely resource for anyone concerned about the security of their, or their organization's, data.

Information

Publisher: Wiley
Year: 2021
ISBN: 9781119849131
Edition: 1

Part I
Introduction

  • Chapter 1: Introduction to Ransomware
  • Chapter 2: Preventing Ransomware
  • Chapter 3: Cybersecurity Insurance
  • Chapter 4: Legal Considerations

Chapter 1
Introduction to Ransomware

This chapter is a general introduction to ransomware starting with the basics and leading to a more mature discussion of all the features and components that make it such a mature and formidable foe today. You will learn that much of the ransomware industry is run more like a professional, corporate industry rather than like the traditional perception of a few bad guys or gangs hiding out in their basements drinking jacked-up caffeinated sodas surrounded by empty bags of chips. Instead, you're more likely to find CEOs, payroll departments, professional developers, and business partners. You will come away with a very good understanding of today's ransomware, what it does and how it does it, and the significant challenges to defeating it.
Note to the reader: This chapter is the longest of the book.

How Bad Is the Problem?

Many press and security experts seem to compete with each other to use the latest over-the-top superlatives surrounding ransomware. But for once in the computer security world, the statistics and scary reputation are well earned. We have had other very bad, long runs of damage-causing malware such as that from DOS boot viruses, disk-formatting computer viruses like Michelangelo (1992), worms that crashed email and pager systems like the Iloveyou worm (2000), rapidly spreading and database-crashing worms like SQL Slammer (2003), the USB-key spreading Conficker (2008), spam bots, and resource-sucking crypto-miners. We've been living with damage-causing malware for a long time. But no previous threat has produced the damage and operational interruption caused by ransomware. It's simply unparalleled in human history, and that is not hyperbole. It might be the “tipping point” event that forces the Internet to finally be made significantly safer.
As bad as ransomware has been and still is, it is still getting worse. The number of attempts against possible victims is growing. The number of successful attacks is growing. The ransoms demanded per exploitation are greater. The percentage of victims paying the ransom is increasing. The overall damage, in financial and other terms, is growing exponentially. Since the beginning of ransomware, and especially since bitcoin came around and allowed it to take off, it has been one historic year after historic year for ransomware purveyors and their programs. We are likely living in the “golden age” of malware, at least from the bad guy's perspective. Here are some of the latest stats at the time of this writing:
  • The FBI says it is investigating about 100 different types of ransomware programs (https://www.reuters.com/technology/fbi-says-it-is-investigating-about-100-types-ransomware-wsj-2021-06-04/).
  • Ransomware was successful in exploiting 68 percent of surveyed organizations in one year alone (https://cyber-edge.com/wp-content/uploads/2021/04/CyberEdge-2021-CDR-Report-v1.1-1.pdf). That figure alone is shocking.
  • The same survey listed in the previous bullet point says the average ransom paid in 2020 was $166,475, and 57 percent of victims paid the ransom.
  • Coveware says the average ransom paid in Q1 2021 was $220,298 (https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound). Why is Coveware's figure higher than the previous report? It's likely because Coveware's figure is newer. When I see a low-ball ransomware figure, I usually check the date of the statistic, and it's almost always old. And when I mean old, I mean only by a year or two. Either way, ransomware is growing tremendously over time.
  • The highest publicly known paid ransom the author is aware of is $40 million, but there are many in the $5 million to $10 million range. There are likely many privately paid ransoms over $40 million that we are not aware of.
  • This 2019 report (https://blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/) says the average ransomware incident cost $8.1 million and took 287 days to recover from.
  • This vendor states $18 billion was paid globally in ransom and total costs are in the hundreds of billions of dollars a year (https://blog.emsisoft.com/en/38426/the-cost-of-ransomware-in-2021-a-country-by-country-analysis/).
In summary, the problem of ransomware is pretty bad and growing over time.

Variability of Ransomware Data

Things are moving so fast in the ransomware world that trying to get up-to-date figures and statistics tends to be like trying to nail the proverbial Jell-O™ to a wall. Different vendors and surveys in different time periods often say vastly different things. For example, many cybersecurity vendors talk about multi-month average dwell times where the ransomware gang specifically figured out the exact maximum ransom they could ask for, while others will tell you that “most” ransomware attacks happen right after the break-in or within hours of the initial successful exploitation, and all the victims are asked for the same fixed fee. Who is right? Likely everyone. There are at least 100 different ransomware programs coded by all sorts of criminals of varying skill levels and experiences successfully attacking tens to hundreds of thousands of organizations and people a year. Different ransomware groups also target different industries, sectors, and regions. The figures and stats are bound to vary widely.
Even the exact same answer can have a different number from the same vendor. For example, the Coveware Q1 2021 report figure listed above states that the average ransom paid was $220,298, but in the same report it also says the median ransom payment was $78,398. The two figures don't even seem close. This seemingly statistical anomaly means that a few victims on the upper end are paying far more than the rest of the victims, which brings up the overall average for everyone. It turns out having to pay a few $5 million and $10 million ransoms will skew results.
So, if you're trying to figure out how much a ransom payment might cost your company, which figure do you use in your estimation calculation? It varies based on your perspective. The most conservative answer: if you want to be safe and set aside funds for the worst-case scenario, use the highest reasonable estimate. But who knows, if your organization gets hit by ransomware, the criminals might ask for an unreasonable figure. Certainly, none of the organizations hit by multi-million dollar ransoms would agree with the reasonableness of the request.
How much you might have to pay really comes down to what type of ransomware program you got hit with, how bad things got before damage control started to happen, and how recovery goes. And no one knows those answers until they are in the thick of things. It's like going into a surgery with a bad pain in your lower left quadrant and asking the doctor what the cost of the operation will be before they've put you to sleep. No one knows.
With that said, no matter what figures you grab and whether they are using averages, medians, or last year's figures, the damage caused by ransomware is bad and getting worse. The total involved costs can easily be many millions for multimillion-dollar organizations and tens to hundreds of millions for multibillion-dollar organizations. Smaller amounts of ransom can even be devastating to smaller organizations.

True Costs of Ransomware

Many defenders, when trying to argue for the need to defend against ransomware, must come up with the potential damages that might occur from a ransomware event. The damages incurred by one organization vary drastically from another, according to the size of the organization, revenue stream, preparation, value of the involved data, how bad the incident is, and ability to respond to a particular ransomware attack. There are a lot of variables at play. Get hit with a very simple ransomware program that was really meant to hit a consumer at home, and the cost could be less than $1,000 to clean up a single exploited computer. Get hit by another ransomware variant, and it could mean the whole network is down for weeks to months.
Still, many defenders are asked to come up with estimated costs to help with cybersecurity risk management decisions around ransomware, such as whether to buy cybersecurity insurance, upgrade that old backup system, or what to invest in next to try to prevent a ransomware attack from being successful in their organization. Unfortunately, as covered earlier, the risk from ransomware and costs ...
