P**H
Solid information mired in an overly repetitive tangle
I'll start with the positive: There is a lot of sound advice in this book and some excellent references to tools and information that will help an organization thwart ransomware. I have been helping prevent or mitigate ransomware attacks for years and there were a number of defensive ideas in the book that I had either not considered or previously dismissed as ineffective. Great food for thought!
Now the problem: Almost every chapter feels more like a remix than part of a logical arc. Descriptions of how certain systems work are cut short with nearly identical mentions of the basics of ransomware defense. Restructuring the book to reduce repetition would have allowed much deeper dives into the threats and defenses.
The other big weakness is an inconsistent presentation of defenses. Instead of diving a bit deeper into one of the many DNS firewall options, the surface is just scratched over and over. Carbon Black and other powerful next gen endpoint tools are mentioned again and again but never with more than a screenshot of depth. Defensive Group Policies are hinted at but not spelled out. Then there are a few examples of too much detail. IDS is often presented with Snort rules, which is fine but probably pointless detail for most readers since signatures change constantly.
Lots of potential in this one. A second edition with heavy editing and a deeper dive into the details of how to implement some of these defenses, plus some stories from the battlefield, would turn this from a three to a five.
C**N
Good - But Needs Some More Editing to be Great
This book provides a good overview of a number of ransomware families (CryptXXX, Locky, Cerber, Ransom32, KeRanger) and a good description of the anatomy of a ransomware attack (load, key exchange, windows registry, volume shadow copy, encrypt, ransom). That said, it seems that O'Reilly rushed the publication of the book when it really needed some more time with an editor.
- The description of the key exchange process is unclear; the authors, at least once, refer to "private key(s)" when they mean "public keys"
- Diagrams are referred to according to their colors (relevant in Kindle) when the print book is black and white
- Sometimes the author includes details that don't make sense unless you read further but which should be explained when they are introduced
- Not all acronyms are explained and, at least once, the authors tell you what an acronym means after they have been using it for 5+ pages without explanation
Would be 4-5 star with some additional help from an editor.
J**.
Good info
The book is very informative into the world of ransomware. Gives you a few hints into which are professional ransomware and which are wannabes. How to go about preventing getting ransomware in the first place and how to stop ransomware from encrypting files.
B**E
Excellent reference to help you avoid being a ransomware victim
As an early piece of malware, the 1989 Yankee Doodle virus was limited to playing the patriotic song of the same name. Much has changed over the years, and the rise of ransomware is playing out a very, and much less melodious tone. Countless individuals and businesses of all sizes are being locked out of their own data and their systems made unavailable, until a ransom is paid to the ransomware creators.
Just this week, a cluster of ransomware attacks against MongoDB servers has affected more than half of the Internet-facing MongoDB databases. Ransomware is a prime time information security risk, and its effects can be devastating.
In Ransomware: Defending Against Digital Extortion, authors Allan Liska and Timothy Gallo have written a concise and helpful guide that shows the reader what they can do to ensure they don’t become a victim, or at least minimize their chances of becoming a victim of a ransomware attack. The book also enumerates what can be done if a firm finds themselves in the midst of a ransomware attack.
A key point the book makes is that most ransomware attacks are a result of an email. They suggest the most efficient method to use is to secure the messaging infrastructure as part of a multi-layered approach. At the perimeter, they advise using a gateway which could be the first step in identifying and quarantining ransomware.
Behind each email is a user who may click a link to unknowingly load ransomware on their local machine. Liska and Gallo emphasize the need for effective awareness training. They also make the point not to put all the blame on the end-user in case something goes bad.
A good part of the risk avoidance measures the authors suggest includes basic information security practices. They note that one of the best methods to avoid paying a ransom is to have an effective and tested data backup plan in place.
At 190 pages, the book doesn’t waste space giving you a long introduction to ransomware. It gives a basic overview, then delves into tactical approaches that you can use at various levels in the enterprise.
A reviewer on Amazon notes that the book is “good, but needs some more editing to be great”. I also did find a number of editing mistakes; but they were all trivial. Given the devastating effects of ransomware, this is an excellent reference to put to use to ensure you don’t become a victim. If you can deal with an incorrect acronym or two, and focus on the superb tactical advice detailed in the book, you’ll be better able to defend against and deal with ransomware.
P**S
Not worth it
Given the cost of the book and its content, I found it quite expensive. The content presented in the book is easily found on the internet, on sites specializing in the subject.