Malicious actors operate command-and-control (C&C/C2) servers to interact with their victims’ computers. These C2 servers instruct the compromised PCs to carry out unwanted actions, such as stealing the user’s passwords, encrypting files for ransom or attacking other computers on the network.
Ransomware is a type of malicious software that encrypts the victim’s files without consent, then demands a ransom in exchange for the decryption keys. This is a lucrative, multi-million-dollar business model, which targets hundreds of thousands of users each day.
When files become unavailable, normal business activities can be disrupted, and that disruption costs money. A formal incident response playbook with effective pre-designed instructions, however, helps minimize the impact on the business.
An incident response runbook (also known as a playbook or “use case”) is written guidance for identifying, containing, eradicating and recovering from cyber security incidents.
Check out this practical guide that walks you through the runbook development process for tackling phishing campaigns.