Ransomware Incident and Investigation – v.2

Ransomware attacks are on the rise and have been getting more dangerous in recent years. An attack on corporate networks that encrypts sensitive information can cost businesses hundreds of thousands or even millions of dollars. In 2020, the total number of global ransomware reports increased by 485% year-over-year according to the latest Threat Landscape Report 2020 by Bitdefender.

A ransomware attack can be devastating for a home or a business. Valuable and irreplaceable files can be lost and tens or even hundreds of hours of effort can be required to get rid of the infection and get systems working again.

Ransomware attacks continue to evolve and attack methods get more sophisticated all the time. You don’t have to be part of the statistics. With professional training, good planning and smart practices, you and your cyber team can prevent ransomware from affecting your systems.

With 81% of organizations believing ransomware attacks will become more prevalent in the second half of 2021, nearly everyone is preparing for the worst to come. According to ISACA’s latest survey of 1,200 IT professionals, it appears that organizations are waking up to the fact that ransomware is a much larger problem. 46% of organizations consider ransomware to be the cyberthreat most likely to impact their organization in the next 12 months. 85% think their organization is at least “somewhat prepared” for a ransomware attack. And only 32% believe their organization is “highly prepared.” 38% of organizations have not conducted any ransomware-related training for their staff, and yet, even ISACA attributes the “human factor” as one of the reasons ransomware is growing.

Ransomware Statistics

The following ransomware statistics illustrate the rising epidemic and the billions it has cost victims.

• An average of 4,000 ransomware episodes occurs every day. Source: FBI Internet Crime Report.
• Ransomware is the top variety of malicious software, found in 39% of cases where malware was identified. Source: Verizon’s 2018 Data Breach Investigations Report.
• In our latest State of the Phish™ Report, only 46% of respondents could correctly define ransomware.
• 42% of U.S. respondents to our 2017 User Risk Report could not correctly identify what ransomware is.

Course Learning Objectives

By taking this Ransomware course, the user will learn:

• Recall the costs of ransomware attacks to organizations and society
• Outline the ways in which ransomware attacks are initiated
• Choose best practices for organizations and employees to prevent ransomware attacks
• Summarize the options and approaches for recovering from a ransomware attack
• Ransomware definition and objective.
• types and trends of Ransomware.
• encryption and decryption mechanism used by Ransomware.
• Knowledge of Windows file format.
• Skills in compare between Ransom file and common file with hex view tool.

Who Should Attend:

• IT Security Professionals
• IS Managers
• System Managers
• Government Employees
• SOC Professionals
• Digital Forensic and Malware Analysts
• Incident Response Team Members
• Ethical Hackers
• IT System Administrators
• Reverse Engineers with 0 – 2 yrs of experience
• System administrators

Suggested Prerequisites:

There is not mandatory prerequisite course to attend this course, but the following knowledge and skills preferred.

• Students should be familiar with using Windows and Linux operating environments and be able to troubleshoot general connectivity and setup issues.
• Have a background of computer science and IT related experience.

Detailed Outline:

• What is Ransomware.
• Types of Ransomware.
• Ransomware Lifecycle
• Encrypting Ransomware
  • Locker Ransomware:
  • Master Boot Record (MBR) Ransomware:
  • Mobile Ransomware

• Target Industries of Ransomware – Case Studies
  • Healthcare
  • Financial Services
  • Government Agencies
  • Education:
  • Small and Medium-sized Enterprises (SMEs)

• Ransomware Corporate Firewall and Antivirus Bypassing Techniques – Live POCs and Case Studies
  • Polymorphic Ransomware
  • Fileless Ransomware
  • Exploit Kits
  • Social Engineering
  • 0-Day Exploits etc.

• Features of Ransomware – Live POCs and Case Studies
  • Encryption
  • Ransom Note
  • Timer and Threats
  • Payment Methods etc.

• Methods to spread Ransomware
  • Phishing Emails
  • Malicious Websites
  • Advertising
  • Exploit Kits
  • Using AI Tools to Spread
  • Case Studies.

• How do Ransomware Infections happen?
  • Opening Infected Attachments
  • Click
  • Auto Execute etc.
  • Hands-on – Sample Ransomware

• Why Ransomware Evades Antivirus Detection (Security Bypass Techniques).
  • Encryption and Obfuscation
  • Polymorphism
  • Fileless Execution
  • Zero-Day Exploits
  • Hands-on Various Techniques to Avoid Detection by Antivirus Software.
  • Live POCs and Case Studies

• How Criminals Can Camouflage Ransomware Files with Any File Extension.
• How Ransomware Easily Infects Systems and Mobile Devices
  • Phishing Attacks
  • Exploit Kits
  • Malicious Websites and Ads
  • App Stores and Third-Party Sources etc.
  • Live POCs and Case Studies

• Notable 0-Day Ransomware in the Market – Live POCs and Case Studies
• Illicit Darkweb Ransomware Marketplace – Live POCs
• Analyzing Ransomware Activity
  • Collection of Data
  • Malware Identification
  • Malware Analysis
  • Communication Analysis
  • Decryption Analysis
  • Command-and-Control Tracking
  • Victim Profiling
  • Attribution and Reporting
  • Live POCs and Case Studies

• Uncovering the Underlying Origins of Ransomware
• Analysis and Surveillance of Ransomware Operations
• Methodology for Ransomware data Decryption.
  • Ransomware Variant Identification
  • Research and Analysis
  • Sample Collection
  • Backup and Preservation
  • Identify Recovery Options
  • Verify the Legitimacy of Decryption Tools
  • Decrypt Files
  • Prevention and Recovery

• Forensic Investigation of Ransomware & Root Cause Analysis – Hands-on
  • Identification and Isolation
  • Evidence Collection
  • Timeline Reconstruction
  • Malware Analysis
  • Network Forensics
  • Cryptocurrency Tracing
  • Victim Profiling
  • Logs Data Analysis
  • Incident Response and Mitigation
  • Reporting and Documentation.

• Implementing Security Measures to Prevent Ransomware Attacks
  • Host Hardening
  • Network Segmentation:
  • Access Control
  • Email Filtering etc.

• Ransomware Security Measures Ransomware Security Measures
  • Regular Data Backup
  • Robust Antivirus Software
  • Patch Management
  • Employee Education etc.