You're reading from Incident Response Techniques for Ransomware Attacks Understand modern ransomware attacks and build an incident response strategy to work through them

Product type Paperback

Published in Apr 2022

Publisher Packt

ISBN-13 9781803240442

Length 228 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Oleg Skulkin

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Getting Started with a Modern Ransomware Attack

2. Chapter 1: The History of Human-Operated Ransomware Attacks FREE CHAPTER

3. Chapter 2: The Life Cycle of a Human-Operated Ransomware Attack

4. Chapter 3: The Incident Response Process

5. Section 2: Know Your Adversary: How Ransomware Gangs Operate

6. Chapter 4: Cyber Threat Intelligence and Ransomware

7. Chapter 5: Understanding Ransomware Affiliates' Tactics, Techniques, and Procedures

8. Chapter 6: Collecting Ransomware-Related Cyber Threat Intelligence

9. Section 3: Practical Incident Response

10. Chapter 7: Digital Forensic Artifacts and Their Main Sources

11. Chapter 8: Investigating Initial Access Techniques

12. Chapter 9: Investigating Post-Exploitation Techniques

13. Chapter 10: Investigating Data Exfiltration Techniques

14. Chapter 11: Investigating Ransomware Deployment Techniques

15. Chapter 12: The Unified Ransomware Kill Chain

16. Other Books You May Enjoy

The Unified Kill Chain

The Unified Kill Chain merges and extends the Cyber Kill Chain® and MITRE ATT&CK®. It was developed by Paul Pols in his master's thesis, Modeling Fancy Bear Attacks: Unifying the Cyber Kill Chain.

The white paper is available here: https://www.unifiedkillchain.com/assets/The-Unified-Kill-Chain.pdf.

The Unified Kill Chain splits the attack life cycle into three main stages: Initial Foothold, Network Propagation, and Action on Objectives. Let's look at each stage separately.

Initial Foothold

The first stage describes the steps performed by threat actors to gain access to the target system or network.

Figure 12.1 – The steps of the Initial Foothold stage

The life cycle starts with researching the target (Reconnaissance). Then, ransomware affiliates need to prepare the infrastructure: malware (including ransomware) and other weaponized objects, as well as C2 infrastructure, and so on (Weaponization...