Hands-on Ransomware Mitigation Learning Path

Learn how to prevent, detect, contain and remediate ransomware attacks.

2 hours, 51 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    2 hours, 51 minutes

  • Assessment


About Hands-on Ransomware Mitigation

Ransomware has emerged as one of the most impactful and expensive cyber threats of recent years. High-profile attacks have caused significant supply chain disruptions in many industries, and organizations that fall victim to a ransomware infection experience data loss and high costs of recovery. Additionally, as ransomware attacks have evolved, companies face the threat of data breaches, DDoS attacks and direct extortion of their customers. This learning path explores the ransomware threat and the life cycle of a ransomware attack. It dives into how ransomware attacks work under the hood and best practices for preventing, detecting, containing and remediating a ransomware attack. Throughout the learning path, real-world case studies will explore high-profile attacks and how they were handled by their targets.



Introduction to ransomware mitigation

Course - 01:12:00

The course starts by providing background about ransomware mitigation. Topics covered include the history of the ransomware threat and its present-day impacts. From there, the course goes on to discuss the logistics of ransomware attacks. This includes some of the common ransomware attack vectors and best practices for preventing infections.
Introduction to evidence collection

Course - 00:13:00

Digital forensics investigations are a common part of ransomware mitigation because evidence may be needed for mitigation, legal action and insurance claims. This course describes the importance of properly collecting digital evidence when investigating a malware infection and demonstrates methods for collecting evidence from virtualized and physical computers.
Honeypots for ransomware detection

Course - 00:06:00

Ransomware attacks are designed to be stealthy until they present the ransom note, because tipping their hand could allow a victim to save data from encryption. This course explores the use of honeypot files on a computer to identify if ransomware is encrypting files on the computer, providing an early level of ransomware detection.
Extracting IoCs from ransomware files

Course - 00:03:00

Ransomware comes in a variety of forms, and correctly identifying the ransomware variant is essential to properly remediating it. This course explores the process of collecting indicators of compromise (IoCs) from ransomware and encrypted files on an infected computer for use in identifying the ransomware variant.
Open-source intelligence (OSINT) for ransomware identification

Course - 00:04:00

Often, a great deal of open-source intelligence (OSINT) is available for common malware samples, and this information can help to expedite and streamline the remediation process. This lab explores some sources of OSINT that can be used to learn more about the ransomware variant being investigated in this learning path.
Using YARA for ransomware detection

Course - 00:06:00

YARA is a tool for describing and identifying malware on an infected system using unique characteristics such as strings, filenames and hash values. This course explores the use of YARA rules to describe a malware sample and using the YARA tool to scan a computer for signs that it has potentially been infected by the ransomware.
File hashing for malware analysis

Course - 00:04:00

Hash functions uniquely summarize a piece of data, such as a file, in a way that it is infeasible to find two inputs with the same hash. This course explores how to hash files on a system and how to use those hash values to scan the system for other copies of the malware and to look up suspected malware on sites such as VirusTotal.
Basic ransomware analysis with IDA Pro

Course - 00:06:00

IDA Pro is a static analysis tool that can be used to analyze a malware sample without executing it and infecting a computer. This course provides an introduction to malware analysis with IDA Pro, analyzing strings and use of Windows API functions to analyze the malware's behavior and prepare for dynamic analysis.
Using a debugger to extract a dropped file

Course - 00:06:00

This course sets the stage for the discussion of ransomware mitigation, including an exploration of the history of the threat and its present-day impact.
Exploring process injection in a debugger

Course - 00:05:00

Process injection is a technique that allows malware to run on a system while decreasing the probability of detection by hiding it within legitimate processes.
Ransomware process analysis

Course - 00:05:00

Process injection is a technique that allows malware to run on a system while decreasing the probability of detection by hiding it within legitimate processes. This course uses a debugger to explore the process injection process and determine which processes on a system are infected with malicious code and require remediation.
Ransomware analysis using network traffic

Course - 00:06:00

Ransomware and other malware commonly communicates over the network to infect new systems, exfiltrate data and perform command-and-control (C2) communications with its operator. This lab examines how network traffic can be used to learn more about malware and identify additional, potentially infected systems.
Ransomware and the Windows Registry

Course - 00:06:00

This course sets the stage for the discussion of ransomware mitigation, including an exploration of the history of the threat and its present-day impact.
Remediating a ransomware infection

Course - 00:28:00

After collecting information about a malware infection, the next step is remediation. This course explores how the information collected during the ransomware investigation can be applied to properly remediate the ransomware infection and perform continued monitoring to identify ongoing ransomware infections.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo