Автор: Ryan Golden, Anthony M. Freed
Издательство: O’Reilly Media, Inc.
Год: 2024-04-19
Язык: английский
Формат: pdf, epub
Размер: 10.1 MB
Ransomware poses an existential threat to organizations of all sizes in any vertical. These attacks are extremely lucrative, with ransom demands and recovery costs bleeding victim organizations out of millions of dollars. This book provides an overview of the ransomware economy, including the threat that this complex attack ecosystem poses to organizations, and reveals how you can best prepare to be resilient in the face of this threat and remain operational.
Ransomware is a major threat to businesses and organizations of all kinds. Ransomware and data extortion attacks are not only disruptive to business operations but also costly to resolve. They spur regulatory actions and civil litigation, including class action lawsuits against victim organizations, and more recently have even resulted in criminal charges being lodged against company officers.
Cybercriminals and hostile nation-state entities are extorting large sums from businesses and other organizations of all sizes across every industry vertical. They’ve been conducting such financially motivated cybercrimes for years now, continually refining and improving their exploitation techniques and encryption payloads. And even if a victim organization pays a ransom, there’s no guarantee that it will actually get its data decrypted, nor is there a guarantee that its data won’t be publicly exposed. Often, attackers don’t reciprocate a ransom payment with the promised action. After all, they’re criminals—they don’t have to follow any rules but their own.
As much as possible, ransomware should be stopped in its tracks before it’s even able to execute. Cybercrime groups and nation-state threat actors have developed increasingly sophisticated ransomware that includes features specifically designed to evade analysis and disable, blind, or bypass endpoint protection platform (EPP), EDR, and XDR tools. It’s possible to stop a ransomware payload at the execution phase of the attack sequence if the right tools are in place to detect it. So far, EPP, EDR, and XDR have an extremely high miss rate when it comes to ransomware.
Some commodity ransomware may be preventable with the signature- and heuristics-based tools that are used in a lot of endpoint security solutions, but as we see from the increasing number of victims daily, antivirus, detection and response, and other endpoint solutions continue to fail. A dedicated anti-ransomware solution utilizes Artificial Intelligence (AI) and Machine Learning (ML) with behavioral analytics to identify and stop polymorphic and repacked variants of ransomware that EPP, EDR, and XDR continue to miss. This is because AI/ML endpoint protection models were trained on characteristics that all malware share, including a subset of ransomware. But ransomware does not behave like other malware, so training AI/ML models on the few characteristics that ransomware does share with other malware leaves a lot of room for missed detections. Conversely, AI/ML models in a dedicated anti-ransomware solution are trained on characteristics that all ransomware share, delivering more efficient and effective detection of ransomware attacks.
Contents:
Скачать Ransomware and Data Extortion