Book Review: Ransomware Protection Playbook

The new Ransomware Protection Playbook, by Roger Grimes (Wiley), is a book that I suspect will be widely embraced by cybersecurity practitioners. Grimes, a renowned expert in cybersecurity, provides a comprehensive rundown on the nature of ransomware and a methodical set of practices to mitigate the threat. For anyone who is tasked with ransomware defense, this book should be the first reading assignment, even for experienced professionals.

I love thoroughness delivered by people who know what they’re talking about. This is what Grimes offers. He starts out by describing the long, little-known history of ransomware, which dates back to 1989. He then proceeds to explain how ransomware works, explicating the technological nuances that define many different varieties of this threat. He differentiates between ransomware that merely encrypts data, for example, and ransomware that encrypts entire systems at the root level.

The book is divided into two parts. The first goes into depth on the nature of ransomware. This includes chapters on preventing ransomware, cybersecurity insurance, and legal considerations. The insurance section alone is worth the price of the book. It is so easy to get confused by the ins and outs of the evolving policies on the market. Grimes also provides an analysis of the legal consequences of paying a ransom. In this, he is accurate, but perhaps not practical. It’s not clear that anyone will face real-life legal ramifications for the increasingly common decision to pay off the attacker.

The second part of the book deals with detection and recovery. This covers the need to develop a ransomware response plan, along with the means to detect an attack. Grimes then proceeds to discuss how to minimize ransomware damage and initiate early response. Later chapters deal with what not to do and the future of ransomware.

The book also asserts that ransomware is not just any old threat. It’s the most serious threat facing cybersecurity teams today. This is the context for Ransomware Protection Playbook. I, too, have emphasized the importance of combating ransomware to stop the implants it leaves behind. Grimes identifies the rise of Bitcoin as one of the primary factors responsible for the rampant growth of ransomware and the increase in the size of ransoms paid.

The reader will learn how to establish a strategy to protect an organization from ransomware attacks—both through prevention and response. Grimes’ basic insights, however, are a bit sobering. Social engineering remains one of the most effective modes of ransomware attack. People click on links they think were sent by friends. It’s an extremely difficult attack type to defend against, except through user training. And, as most practitioners know, people are the weakest link in cyber defense, and training people has limited impact.

He further notes that security basics, such as patch management, are critical to effective ransomware mitigation. Again, this is a workload that many organizations struggle with. One can hope that warnings about how deficiencies in patching and other foundational security measures create greater ransomware risk exposure may spur people into action.

This is a highly worthwhile book for anyone who needs to get a better understanding of ransomware and devise an effective plan for reducing its potential impact.