Cybersecurity Threats: Ransomware
Course info
Course info
Description
Ransomware attacks have surged recently. You see all types of organizations and users impacted by this threat. It is estimated that ransomware will increase in frequency and impact in the coming months and years. In this course, Cybersecurity Threats: Ransomware, you'll receive comprehensive knowledge of typical infection points where ransomware can get into your systems and understand the options you have to recover your encrypted files. First, you'll discover what tools are available, many of them free, to help you recover a system that has suffered a ransomware attack. Next, you'll explore what you need to be aware of if you decide to pay the ransom to avoid some pitfalls. Finally, you'll learn how to defend your network and system and create an incident response plan to have at the ready should your systems be attacked. By the end of this course, you'll have all the necessary skills and knowledge to manage the threat of ransomware.
About the author
Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.
More from the author
Section Introduction Transcripts
Course Overview
Hi there, my name is Richard Harpur and welcome to my course Cybersecurity Threats: Ransomware. I'm a certified information security manager and my day job is all about managing IT risks, and there's no escaping the risk of ransomware, it's everywhere. And toolkits to perform ransomware attacks are now being sold by criminals for as little as a couple of hundred dollars. This has resulted in a surge of attacks and no one is immune. Proactive users prepare for a ransomware attack in advance. This minimizes their chance of losing data and provides you with the maximum chance of recovering your files. As we progress through this course you will learn the key entry points for ransomware infections. You learn how to defend your network and how to identify and contain a ransomware attack. By the end of this course you'll be fully informed and know how to defend your systems from attack and the best approaches to recover your data should you fall victim to ransomware. I hope you'll join me on this journey to learn all about cybersecurity threats: ransomware at Pluralsight.
Ransomware Entry Points
In this module we're going to look at the ransomware entry points. How does ransomware get into your network? First of all, let's go through a typical scenario. Let's make the assumption that you're working for a company called Globomantics. Within Globomantics your boss, let's call her Alice, could be a CISO, a Chief Information Security Officer, an IT manager, a CIO or maybe just the owner of the business. Alice presents you with a question, how well are we prepared for a ransomware attack? This is your job. You start to think, first of all in order to answer the question, I need to understand how can ransomware get into our network? And that's what we're going to answer in this module. Let's have a look at the overview. We're going to go through the infector vectors. Hmmm, one thing about information security, there's plenty of lingo and acronyms. Just like of infection vectors as the entry points into your network. Then we're going to look at some sample infection points. We're going to walk through the typical infection points of ransomware attacks. This will arm you with understanding where to look in your network for defenses against ransomware. Then we're going to explain the importance of the callbacks to what's called C&C, command and control, servers for ransomware to work. And after that we're going to be ready to talk about incident response. So let's get started.
Incident Response: Detection and Containment
Welcome to this module in our Cybersecurity Threats Ransomware Pluralsight course. This module, which is called Incident Response: Detection and Containment, will cover what you need to know once you've discovered that a ransomware attack has occurred in your organization. Let's build out our scenario for this module. Let's assume that you have help desk in your organization and they've contacted you to tell you that a user cannot access their files because they appear to have all been renamed. The file names have changed. In your mind you're thinking - this sounds like a ransomware attack. In this module we're going to identify other indicators that might lead you to confirm that a ransomware attack has occurred in your organization. Let's have a look at what we're going to cover in this module. We're going to look at the indicators of a ransomware attack, some of them very obvious and explicit and others are more subtle. It's crucial that you're aware of the number of different indicators because the sooner you identify a ransomware attack has occurred, the faster that you can respond. And speaking about response, we're going to discuss why it's so important to respond in a rapid time frame. And finally, we're going to look at some of the approaches that you can take to containing a ransomware outbreak. Let's get started.