In this course you will conduct effective response to ransomware leveraging best practices; identify the role of your IT and cybersecurity teams in responding to ransomware attacks; and identify the most common infection vectors used by ransomware actors and how to mitigate them. You will also identify threat actors likely to target your organization and build threat profiles outlining their TTPs.
Learning Objectives
Conduct effective response, containment, and eradication of ransomware incidents
Conduct analysis of common ransomware infection pathways and identify security controls for mitigation
Create profiles of threat actors targeting your organization with ransomware
Isolate and remove malware. (T0296)
Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. (T0278)
Perform tier 1, 2, and 3 malware analysis. (T0182)
Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. (T0088)
Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. (T0258)
Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information. (T0260)
Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity. (T0259)
Define appropriate levels of system availability based on critical system functions and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recover/restoration. (T0051)