23. Ransomware Attack and Defence
Ransomware is the most financially destructive cyber threat. This mind map covers how ransomware works, major threat groups, and the controls that prevent and contain it.
Topics Covered
- Ransomware-as-a-Service (RaaS)
- Infection: phishing, RDP, exploits
- Encryption mechanism and key management
- Double extortion model
- WannaCry, NotPetya, REvil, LockBit
- 3-2-1 backup strategy
- Offline and immutable backups
- EDR behavioural detection
- IR and ransom payment decisions