“Encryptors” are programs that find vulnerabilities in enterprise networks, then use these vulnerabilities to infiltrate the network, seize information valuable to the enterprise, and then extort money from the company’s management. Of course, these programs are created by people who can either unite in criminal groups or act alone. “Although the main targets of ransomware are still located in North and Latin America, Europe, and the Asia-Pacific region, over the past couple of years, Russia has ceased to be considered quiet harbor. According to Group-IB, in 2021 alone, the number of ransomware attacks on Russian companies increased by more than 200%. In recent years, there has been an increase in cyber attacks using ransomware. Unfortunately, this trend has not bypassed Russia either - here the number of such attacks in 2021 alone has increased more than three (!) times. That is why it is so opportune that a book by Oleg Skulkin, an outstanding expert not only in Russian, but also in international digital forensics. The author covers everything about ransomware, from the history of attacks to digital evidence. In the middle of his narration, fragments of program code look quite natural, and here and there - color screenshots. “Careful reconnaissance of the vulnerabilities of IT infrastructures and their preparation for the deployment of ransomware can bring cybercriminals millions of dollars in cryptocurrency.” According to the author (and this opinion is based with more than a decade of experience in the information security industry), enterprise networks and money can be saved by understanding the life cycle of ransomware attacks - this cycle is discussed in detail in the second chapter of the book, as well as in the final chapter, where the author helps readers learn how to reverse engineer a universal attack life cycle to which all ransomware are subject, no matter how individual they differ. “The pandemic has aggravated the situation - many companies have provided their employees with the opportunity to work remotely and were forced to open their servers, which have become targets for various types of attackers, including software operators.” ransomware."

Features• History of ransomware attacks;• How cybercriminals operate: their tactics, methods and procedures;• How to respond to incidents with ransomware.

For whomFor students systems administration students, system and network administrators, and cyber threat responders and analysts.