Ransomware and Cyber Extortion: Response and Prevention

Protect Your Organization from Devastating Ransomware and Cyber Extortion Attacks

Ransomware and other cyber extortion crimes have reached epidemic proportions. The secrecy surrounding them has left many organizations unprepared to respond. Your actions in the minutes, hours, days, and months after an attack may determine whether you'll ever recover.

You must be ready. With this book, you will be.

Ransomware and Cyber Extortion is the ultimate practical guide to surviving ransomware, exposure extortion, denial-of-service, and other forms of cyber extortion. Drawing heavily on their own unpublished case library, cyber security experts Sherri Davidoff, Matt Durrin, and Karen Sprenger guide you through responding faster, minimizing damage, investigating more effectively, expediting recovery, and preventing it from happening in the first place. Proven checklists help your security teams act swiftly and effectively together, throughout the entire lifecycle--whatever the attack and whatever the source.

• Understand different forms of cyber extortion and how they evolved
• Quickly recognize indicators of compromise
• Minimize losses with faster triage and containment
• Identify threats, scope attacks, and locate patient zero
• Initiate and manage a ransom negotiation--and avoid costly mistakes
• Decide whether to pay, how to perform due diligence, and understand risks
• Know how to pay a ransom demand while avoiding common pitfalls
• Reduce risks of data loss and reinfection
• Build a stronger, holistic cybersecurity program that reduces your risk of getting hacked

This guide offers immediate value to everyone involved in prevention, response, planning, or policy: CIOs, CISOs, incident responders, investigators, negotiators, executives, legislators, regulators, law enforcement professionals, and others.

Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

「保護您的組織免受毀滅性勒索軟體和網路勒索攻擊」
勒索軟體和其他網路勒索犯罪已經達到流行病的程度。這些事件的保密性使得許多組織無法做好應對準備。您在攻擊發生後的幾分鐘、幾小時、幾天和幾個月內的行動，可能決定您是否能夠「永遠」恢復。

您必須做好準備。這本書將幫助您做到。

「勒索軟體和網路勒索」是一本終極的實用指南，教您如何應對勒索軟體、勒索攻擊、阻斷服務等形式的網路勒索。網路安全專家Sherri Davidoff、Matt Durrin和Karen Sprenger在書中大量借鑒了他們自己未發表的案例庫，引導您更快地應對、減少損害、更有效地進行調查、加快恢復速度，並「預防它發生」。實用的檢查清單可以幫助您的安全團隊在整個生命周期中迅速且有效地行動，無論攻擊的形式和來源如何。

- 了解不同形式的網路勒索及其演變
- 快速識別威脅指標
- 通過更快的分析和隔離來減少損失
- 確定威脅、範圍攻擊並找到源頭
- 發起和管理勒索談判，避免昂貴的錯誤
- 判斷是否支付贖金，如何進行盡職調查並了解風險
- 知道如何支付贖金要求，同時避免常見陷阱
- 減少數據損失和再感染的風險
- 建立更強大、全面的網路安全計劃，降低被駭客攻擊的風險

這本指南對於預防、應對、規劃或政策制定的所有相關人員都具有立即價值，包括CIO、CISO、事件應對人員、調查人員、談判人員、高管、立法者、監管機構、執法人員等。

「註冊您的書籍以便方便地獲取下載、更新和/或更正。詳情請參閱書中內容。」

Sherri Davidoff, CEO of LMG Security and author of Data Breaches, has been called a security badass by the New York Times. An instructor at the renowned Black Hat cybersecurity trainings, she is a GIAC-certified forensic analyst (GCFA) and penetration tester (GPEN). She holds a degree in computer science and electrical engineering from MIT.

Matt Durrin, the Director of Training and Research at LMG Security, is a popular speaker at national conferences and training venues. His malware research has been featured on the NBC Nightly News.

Karen Sprenger, LMG Security's COO and chief ransomware negotiator, is a noted industry expert, speaker, trainer, and course developer with 25+ years of security/IT experience. She is a GIAC-certified forensic examiner (GCFE) and Certified Information Systems Security Professional (CISSP).

Sherri Davidoff是LMG Security的首席執行官，也是《Data Breaches》一書的作者。《紐約時報》稱她為安全領域的厲害角色。她是著名的Black Hat網絡安全培訓機構的講師，擁有GIAC認證的數據取證分析師（GCFA）和滲透測試師（GPEN）資格。她畢業於麻省理工學院，獲得計算機科學和電氣工程學位。

Matt Durrin是LMG Security的培訓和研究總監，是國家級會議和培訓場所的受歡迎演講者。他的惡意軟件研究曾在《NBC Nightly News》上亮相。

Karen Sprenger是LMG Security的首席運營官和勒索軟件首席談判代表，是一位知名的行業專家、演講者、培訓師和課程開發者，擁有25年以上的安全/IT經驗。她是GIAC認證的數據取證檢查員（GCFE）和Certified Information Systems Security Professional（CISSP）。